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Abstract 


Introduction 


Electronic  Resources  for 
Security  Related  Information 


The  quantity,  quality,  and  availability  of  electronic  resources  is  multiplying 
rapidly.  Information  Technology  (IT)  security  professionals  must  make  timely 
and  effective  use  of  these  resources  if  they  are  to  contain  the  growing  threats  of 
globally  networked  attackers.  This  paper  outlines  the  threats,  including  recent 
examples,  and  then  provides  multi-level  descriptions  of  the  abundant  resources 
available  to  the  information  technology  security  community.  These  descriptions 
are  valuable  to  everyone  from  networking  novices  to  sophisticated  experts. 
While  the  information  is  useful  for  the  entire  security  community,  this  paper 
pays  particular  attention  to  Department  of  Energy  requirements. 


Information  Technology  (IT)  security  professionals  are  battling  network 
attackers.  Each  of  the  professionals — from  the  operations  level  down  to  the 
assistant  computer  security  officer,  whether  classified  or  unclassified,  manager 
or  user — must  maintain  their  ability  to  recognize  the  threat  and  acquire  the 
appropriate  countermeasures.  They  must  gain  and  maintain  knowledge  and 
ability  to  use  the  ever  increasing  resources — on  parity  with  the  attackers.  This 
paper  opens  the  door  for  the  novice  and  enlarges  the  opening  for  the  expert.  It 
increases  the  reader’s  threat  awareness  and  enables  effective  and  efficient  use  of 
the  resources  that  attackers  will  certainly  use  against  us.  In  short,  cognizance  of 
electronic  resources  is  critical — they  are  the  common  ground  of  both 
information  technology  threats  and  countermeasures.  The  attackers  use  the 
resources  with  abundant  facility;  we  must  become  at  least  as  proficient.  The 
remainder  of  this  section  sets  the  perspective  of  the  exposition  that  follows. 

Over  two  decades  ago,  the  futurist  Marshall  McCluan  made  the  (since  oft- 
quoted)  observation  that  “the  electronic  interconnections  will  make  the  Earth  a 
global  village.”  It  was  a  brilliant  metaphor  and  qualitatively  predicted  the 
electronic  way  of  life  for  many  of  us.  What  is  far  more  problematic  is  the 
quantitative  impact  of  the  electronic  interconnections  on  what  we  do — 
specifically,  ensuring  secure  networking  and  computation  for  our  constituents. 
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Electronic  Resources  for  Security  Related  Information,  continued 


The  network'  is  the  product  of  a  rapidly  developing  technology  and  the  need  to 
interconnect  information  resources.  As  a  recent  phenomenon  without  historical 
precedence  and  paradigm,  it  raises  new  challenges  to  our  abilities  to  manage 
vast  resources.  Often,  the  incremental  cost  of  obtaining  valuable  information  is 
insignificant.  A  document  available  on  the  network  is  an  inexhaustible  supply  of 
its  own  copies.  Most  users  are  not  only  in  instantaneous  contact  with  each  other, 
but  with  each  other’s  private  and  public  databases  and  other  online  information. 

It  is  estimated^  that  there  are  over  three  million  nodes  on  the  Internet — the 
network  of  networks  that  links  a  significant  portion  of  the  Earth’s  intellectual 
community.  Each  machine  on  the  Internet  has  between  one  and  many  thousands 
of  users  and  these  machines  are  found  just  about  anywhere  on  the  planet.  In 
principle,  any  user  on  any  node  can  access  or  transfer  information  to  or  from 
any  other  node,  use  its  resources,  and  even  log  in  to  it. 3 

To  the  novice,  this  myriad  of  actual  and  potential  connections,  this  diversity  of 
protocols,  this  spectrum  of  philosophies  is  an  incomprehensible  maze. 
Remarkably,  with  a  little  training  and  a  modest  amount  of  determination 
bolstered  by  need,  the  electronic  world  opens  a  new  facility  in  communications 
as  well  as  a  vast  store  of  information.  To  obtain  a  true  perspective  of  its  expanse 
and  appreciation  of  its  capabilities,  one  must  experience  the  network. 


The  Threats  The  average  computer  attacker^  is  no  more  a  technological  genius  than  the 

average  driver  is  a  brilliant  automotive  engineer.  The  danger  is  not  so  much  his^ 
native  intelligence  as  his  acquired  knowledge,  training,  and  facility  with  the 
network  structures.  Notwithstanding  the  legal,  moral,  ethical,  and  pragmatic 
issues,  trying  to  reduce  the  free  flow  of  questionable  information  on  the  network 
would  be  unmanageable  at  best,  trying  to  eliminate  it  would  be  unimaginable. 
Our  goal  as  security  professionals  is  recognition  and  understanding  of  the 
threats. 

Attackers  gain  both  qualitative  and  quantitative  advantages  from  their  facility 
with  the  network.  Qualitatively,  they  have  access  to  extremely  effective 
communications  channels.  The  Internet  Relay  Chat  (IRC)  allows  them  to 
anonymously  and  openly  discuss  whatever  they  want  at  minimal  (if  any)  cost, 
while  simultaneously  being  able  to  (surreptitiously)  exchange  private 
correspondences  of  any  kind.  Eor  example,  someone  creates  an  accurate  and 
instantly  updatable  index  of  online  cracking  tools  and  then  posts  it  on  the 
network,  making  it  (and  unlimited  copies)  immediately  available  to  the  global 
cracking  community. 


'  The  network  for  the  purpose  of  this  discussion  is  a  generic  term  signifying  the  many  methods  of  electronic  interconnections.  The 
conceptual  domain  is  sometimes  referred  to  as  “cyberspace.'’ 

^  Recent  estimates  by  reliable  sources;  there  is  no  way  to  know  for  certain. 

^  In  practice,  of  course,  many  of  the  nodes  have  some  degree  of  security  which  prohibits  some  or  all  levels  of  arbitrary  access. 

^  This  document's  term  for  an  electronic  criminal;  other,  possibly  more  ambiguous  terms  are  hacker,  intruder,  cyberpunk,  phreak, 

and  so  on. 

®  The  masculine  pronoun  with  neutral  intent  is  used  for  rhetorical  smoothness.  I  find  s/he,  his/her,  his  or  her  awkward  and 
distracting. 
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Electronic  Resources  for  Security  Related  Information,  continued 

This  also  highlights  the  quantitative  aspect  of  the  attacker  advantage.  The 
amount  of  time  individuals  save  by  immediately  taking  advantage  of  each 
other’s  efforts  is  immeasurable.  They  often  use  free^  resources  and  appear  to 
have  abundant  personal  time.  Attackers  frequently  use  personal  computers  as 
well  as  computer  accounts  on  obliging  or  compromised  systems  to  search  the 
network  for  vulnerabilities. 


Examples  Early  in  1994,  the  Internet  experienced  a  continuing  series 

of  “sniffer”  attacks.  That  is,  attackers  compromised  host 
systems,  installed  software  that  monitored  and  recorded 
specific  Local  Area  Network  transactions  that  included  host 
name/user  name/password  combinations.  Some  intruders 
evaded  detection  through  the  use  of  sophisticated  Trojan 
software.  It  only  took  a  one  or  a  few  talented  individuals  to 
create  the  software  and  techniques  that  were  then  used  by 
many  to  compromise  at  the  least  hundreds  of  thousands’^  of 
accounts. 

A  full  time  physicist  and  part  time  computer  security  expert 
discovered  a  significant  security  vulnerability.  It  was  in  a 
popular  operating  system  on  a  popular  workstation.  He 
wrote  a  program  to  exploit  the  vulnerability,  complete  with 
detailed  comments,  and  submitted  it  to  the  vendor  of  the 
workstation  as  well  as  reliable  computer  security  groups. 
The  vendor  responded  and  eventually  created  a  patch  to  fix 
the  vulnerability.  Ironically,  the  program  fell  into  attacker 
hands — we  still  do  not  know  how,  and  is  widely  being  used 
to  exploit  unpatched  workstations.  Evidently,  the  attackers 
can  circulate  the  program  quicker  than  the  security 
community  can  disseminate  the  countermeasures. 


°  Clearly  any  resource  has  a  cost;  chances  are  the  crackers  are  not  paying.  When  the  marginal  costs  are  so  low,  there  is  no 
economical  way  of  recovering  them  at  the  user  level — they  are  absorbed  as  institutional  overhead. 

^  CERT  estimate. 
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The  Electronic  Frontier  Foundation^,  a  non  profit 
organization  created  to  promote  the  free  exchange  of 
information  on  the  network  (among  other  things),  provides 
a  repository  for  “Computer  Underground  Digest”  (CUD) 
publications.  Fiterary  merit  notwithstanding,  these  (quasi) 
periodicals  frequently  contain  significant  attacker 
information,  including  detailed  methodologies  on  defeating 
toll  call  controls  (Phone  Phreaking),  a  complete  list  of 
credit  card  prefixes,  intimate  information  on  computer  and 
network  vulnerabilities,  and  so  on.  To  get  a  feel  for  the 
authors’  level  of  defiance  and  perversity,  one  publication 
has  detailed  and  accurate  instructions  on  the  construction  of 
a  light  bulb  bomb;  another  on  how  to  manufacture 
nitroglycerine.  Recently,  someone  posted  a  comprehensive 
index  to  the  CUD — a  substantial  time  and  labor  saving 
compendium  for  attackers. 

The  IRC  links  attackers  from  everywhere;  they  can 
exchange  information  (figuratively)  across  the  table  or 
under  the  table — in  real  time.  Recently,  user  name 
password  pairs  from  newly  compromised  university 
computer  systems  were  openly  posted  on  the  IRC  channel 
#hack. 


Resources 
and  Counter¬ 
measures 


We  will  discuss  several  major  network  resources;  there  are  others  that  may  be 
found  in  the  references  at  the  end  of  this  document;  and  there  are  still  others  that 
may  be  discovered  simply  by  browsing  the  network.  At  the  introduction  of  each 
resource,  we  will  offer  suggestions  of  how  the  resource  may  be  used  to  counter 
attackers  and  other  possible  adverse  activities.  Of  course,  any  technology  that 
makes  you  more  efficient  and  effective  will  help  achieve  that  goal. 


There  is  no  single  expert  on  all  network  resources.  There  is  no  single  up-to-date 
compendium.  There  is  no  single  structure  that  governs  or  manages  all  resources. 
The  network  is  both  planned  and  unplanned — with  formal,  defacto,  and 
sometimes  incompatible  standards.  Its  growth  is  both  revolutionary  and 
evolutionary.  This  document  provides  a  high  level  view  of  a  selected  subset  of 
resources  and  services,  providing  sufficient  detail  for  the  novice  to  get  started 
and  most  sophisticated  users  to  learn  something  new. 


The  EFF  provides  an  open,  uncensored  service  with  significant  value  to  the  general  community  as  well  as  information  security 
professionals. 
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Electronic  Resources  for  Security  Related  Information,  continued 


Electronic  mail  (E-mail)  delivers  messages  between  physically  distant  points, 
often  within  minutes.  Eile  transfer  copies  information  at  hundreds  or  thousands 
(or  greater)  characters  per  second.^  The  USEnet  news  group  service  provides  an 
open  electronic  exchange  of  information  in  thousands  of  special  interest  groups. 
The  IRC  provides  conferencing  where  special  interest  groups  meet 
electronically  to  “chat”  and  exchange  information.  1°  Electronic  Bulletin  Board 
Services  (BBS)  are  a  relatively  mature  and  stable  method  of  information 
exchange.  Electronic  list  servers  provide  moderated  and  unmoderated  collection 
and  dissemination  of  contributor  supplied  information  on  specific  topics.  There 
are  electronic  reference  services  that  allow  a  user  to  hierarchically  search  the 
entire  spectrum  of  network  resources  for  specific  subjects  or  services.  Einally, 
there  is  a  network  information  provider. 

Eor  information  technology  security  specialists,  discovering  that  attackers 
routinely  exploit  these  network  resources  is  the  first  step.  Appreciating  their 
strategic  and  tactical  value  is  the  next.  The  third  step  is  learning  how  to  use 
them.  Experienced  IT  specialists,  even  those  unfamiliar  with  Unix,  TCP/IP, 
and/or  the  Internet,  will  find  that  the  network  is  a  timely  and  powerful  strategic 
asset;  a  remarkably  effective  system  of  communication  requiring  their  serious 
attention. 

The  following  sections  introduce  each  of  the  resources  mentioned  above (E- 
mail  first,  the  remainder  in  alphabetical  order).  The  best  and  most  effective  way 
to  learn  is  by  doing.  Examples  and  help  texts  for  ftp  and  m  appear  in  the 
appendices.  This  is  a  rapidly  emerging  suite  of  resources,  where  good,  up  to 
date  documentation  is  scarce.  Even  the  online  documentation  tends  to  age 
quickly — and  is  usually  only  updated  as  an  afterthought. 


^  The  proposed  National  Information  Infrastructure  (Nil)  calls  for  transfer  rates  of  gigabits/second. 

^  ^  The  conceptual  location  of  the  "chat,"  since  it  is  physically  distributed  among  terminals  and  computers,  is  an  excellent  example 
of  ""cyberspace.” 

^  ^  It  is  assumed  for  pedagogic  purposes  that  the  reader  is  familiar  with  the  commands  or  languages  cited.  The  appendix  has  specific 
examples  as  well  as  help  listings. 
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Electronic  Electronic  mail  (E-mail)  is  the  network’s  answer  to  “telephone  tag,”  the 

Mail  seemingly  interminable  exchange  of  “please  return  my  call”  messages  without 

direct  communications.  E-mail  allows  an  individual  to  consider  and  reply  to 
each  message  in  his  or  her  own  time.  It  also  allows  tracking,  filing,  and  other 
computer  aided  manipulations.  All  computer  incident  handling  teams  use  E- 
mail  to  distribute  their  bulletins  and  advisories  and  communicate  with  each 
other,  and  most  of  the  technical  communityi^. 

E-mail  is  the  most  popular  form  of  electronic  exchange.  If  a  location  has  any 
network  access  at  all,  it  will  have  E-mail.  There  are  several  addressing  schemes; 
we  will  consider  only  the  popular  and  common  hierarchical  Internet  form: 

user@localhost.subdomaini . .  .subdomainn.topdomain 

which  reads  user  at  localhost  in  subdomain i  in  ...  in  subdomainn  in  topdomain. 
Eor  example: 

j  oe  @  bigboy .  xy  zlab  .gov 

which  is  user  joe  on  host  bigboy  in  subdomain  xyzlab  in  the  government 
domain.  Mail  applications  vary,  but  they  usually  have  addressing  to  individuals 
or  lists,  carbon  copies,  subject  field  specification,  replying,  forwarding,  and 
from  and  date  information  in  the  header.  They  may  also  have  blind  carbon 
copies,  binary  file  attachment,  and  message  ID,  received,  resent  from,  and  reply 
to  in  the  header. 

The  commandi^  to  read  mail  is: 

mail  [-options] 

The  command  to  send  mail  is: 

mail  [-options]  recipient_list 

Help  is  available  by  typing  man  mail  at  the  command  prompt  or  ?  prompt  from 
within  mail. 


1  0 

Various  groups  are  addressing  issues  of  confidentiality  and  integrity;  there  are  interim  solutions. 
^  ^  Commands  are  assumed  to  be  UNIX  unless  otherwise  specified. 
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Electronic  Resources  for  Security  Related  Information,  continued 


You  may  E-mail  anonymously  through  services  offered  by  willing  volunteer 
sites,  called  “remailers.”  One  such  remailer  is  located  at  nowhere@bsu- 
cs.bsu.edu,  and  is  operated  by  Chael  Hall.  (A  list  of  some  other  sites  appears  in 
the  appendix.)  It  guarantees  anonymity  and  is  simple  to  use.  To  use  this  service, 
make  sure  that  the  first  two  lines  of  your  message  contain  the  following: 

first  line 

second  line  Request-Remailing-To:  fergp@sytex.com 

Modify  any  .sig  or  .mailsig  files  to  suppress  signature  additions  before  sending 
the  message.  This  would  reveal  your  identity. 


Anonymous  Anonymous  ftp  is  the  network’s  main  library  facilitator — either  directly,  or 
ftp  more  recently  serving  as  a  partial  basis  for  the  reference  services.  It  opens  a 

remarkably  cooperative,  extremely  low  cost,  timely,  ever  increasing,  and 
loosely  coupled  store  of  valuable  (and  not  so  valuable)  information.  Not  only  is 
there  abundant  information  directly  relevant  for  information  technology  security 
specialists,  but  there  is  the  potential  to  effectively  share  greater  quantities.  For 
example,  all  bulletins  of  the  incident  response  teams,  shareware,  and  freeware'^ 
are  readily  available  from  multiple  anonymous  ftp  sites.  It  is  equally  as 
important  for  the  security  specialist  to  keep  abreast  of  the  attacker  information 
also  available  from  anonymous  ftp  sites.  Ironically,  some  of  the  sites  provide 
both  kinds  of  information  in  the  spirit  of  a  completely  open  network. 

Anonymous  ftp  is  a  special  instance  of  the  TCP/IP  file  transfer  protocol, 
requiring  only  a  user  name  of  “anonymous” — if  allowed  by  the  remote  site.  The 
password  is  by  convention  expected  to  be  your  Internet  address  and  user  name. 
Anonymous  ftp  sites  are  often  library  repositories.  If  the  directory  is  not  known 
beforehand,  /pub  is  usually  a  good  place  to  start  and  then  you  can  search  down 
hierarchically. 


14 


Shareware  is  software  for  which  the  author  requests  a  nominal  fee  if  the  user  is  satisfied  with  the  product.  Freeware  is  software 
distributed  without  cost  as  a  public  service. 
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Electronic  Resources  for  Security  Related  Information,  continued 

To  connect  to  the  remote  system  targ.sub.dom,  enter: 


ftp  targ.sub.dom 

At  the  user  name  prompt,  enter  your  Internet  address.  For  example: 

hero  @good.guy.gov 

You  can  now  list  the  top  level  directory: 

Is  [-1] 

With  the  -1  option,  lines  that  begin  with  the  character  “d”  will  be  subdirectories. 
You  can  change  directories  by  entering: 

cd  <directory  name> 

Print  the  current  working  directory: 

pwd 

Copy  a  file: 
get  <file  name> 

Send  a  file: 
put  <file  name> 

And  terminate  the  session: 
quit 

Some  systems  provide  introductory  or  “tidbit”  information  through  the  finger 
command;  its  format  is: 

finger  @<remote  host  name> 

or 

finger  <username>@<r emote  host  name> 
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Electronic  Resources  for  Security  Related  Information,  continued 


Electronic 

Bulletin 

Board 

Services 


Security  specialists  use  electronic  bulletin  board  services  (BBSs)  as  an 
alternative  or  in  conjunction  with  E-mail  and  anonymous  ftp.  They  can  “meet” 
and  correspond  with  other  specials,  obtain  security  bulletins  and  software,  and 
learn  of  the  latest  threats  and  countermeasures.  The  CIAC  bulletin  board  service 
is  a  good  example. 

Electronic  bulletin  board  services  are  usually  accessed  through  dial  up 
telephone,  data  network  (such  as  X.25),  or  occasionally  by  Internet.  These 
services  tend  to  be  PC  oriented  and  require  a  suitable  terminal  package. 
Workstations  and  timesharing  systems  with  out-dialing  capabilities  may  also  be 
used.  CIAC,  NIST,  and  the  NCSC  (through  DOCKMASTER)  provide 
electronic  bulletin  board  (among  other)  services. 


Electronic 

Conferencing 


Electronic  conferencing  has  been  enhanced  with  the  recent  development  of  the 
Internet  Relay  Chat  (IRC)  software.  Your  local  computer  (PC,  Macintosh, 
workstation,  timesharing  system)  must  obtain  the  (public  domain)  software 
from  one  of  the  anonymous  ftp  sites  listed  in  the  appendix,  or  from  some  other 
source.  Assuming  you  have  Internet  access,  you  then  connect  to  one  of  the  listed 
regional  servers — preferably  the  geographically  closest.  If  your  local  machine 
does  not  have  the  client  software,  you  can  telnet  to  the  site  listed  in  the  appendix 
to  achieve  IRC  access.  Once  connected,  you  may  then  view  and  select  channels 
on  which  to  “chat.”  To  maintain  anonymity,  use  a  “handle”  rather  than  your  real 
name  if  you  decide  to  listen  into  channel  #hack.  Also,  the  server  will  reveal 
your  Internet  location  to  anyone  inquiring — unless  you  go  through  the  telnet 
server. 

Information  flow  on  IRC  tends  to  be  sporadic  and  frequently  flies  off  on 
tangents.  You  can  however,  initiate  a  session,  invoke  recording  to  disk,  and 
leave  it  unattended.  Other  channel  participants  may  notice  this,  object,  and 
terminate  your  connections.  As  a  countermeasure,  participants  have  created 
‘hots  (for  robots):  script  programs  designed  to  appear  like  a  real  person  listening 
and  making  comments.  Einally,  information  may  be  surreptitiously  exchanged 
between  other  members  of  the  channel. 


Electronic  conferencing  is  effectively  exploited  by  the  attacker  community  and 
other  special  interest  groups.  IT  security  use  has  been  for  the  most  part  using  it 
to  passively  learn  about  new  threats.  It  is  an  effective  means  of  immediate, 
value  added  communications  between  physically  (and  perhaps  socially)  separate 
individuals. 
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Electronic  Resources  for  Security  Related  Information,  continued 


List  Servers/ 

Information 

Sources 


Network 

Information 


List  servers  provide  the  security  specialist  with  timely,  topic  specific 
information  on  narrowly  defined  subjects.  Examples  include  viruses  (Virus-L), 
means  of  safely  connecting  to  the  network  (Firewalls),  and  the  risks  of  computer 
and  network  systems  (RISKS  digest). 

List  servers  are  electronic  mailing  lists  provided  to  (qualified)  individuals. 
Moderated  lists  require  that  each  message  be  reviewed  by  a  moderator  before 
being  resent  to  the  mailing  list;  on  unmoderated  lists,  all  submissions  are 
automatically  resent  to  everyone.  Digests  are  moderated  lists  that  combine  all 
significant  messages  into  periodic  mailings.  Unless  otherwise  indicated,  you 
may  subscribe  to  a  list  by  sending  an  E-mail  message  to  the  subscription  with 
the  single  line: 

subscribe  listname 

in  the  text  (not  subject)  portion  of  the  message.  The  list  will  then  be  sent  to  the 
address  from  which  you  requested  the  subscription. 


The  Network  Information  Center  provides  registration  information  for  nodes  on 
the  Internet.  It  is  frequently  used  to  find  a  responsible  system  administrator  for  a 
host  that  may  be  attacking  a  location.  Such  information  includes  one  or  more 
names,  addresses,  telephone  numbers,  and  electronic  mail  addresses. 

Network  information  is  provided  by  the  Network  Information  Center  at: 

rs.internic.net 

You  may  telnet  to  that  address  and  you  will  be  automatically  logged  in.  The 
system  will  show  you  a  help  screen  and  you  may  then  enter  commands  to  get 
information  on  users  and  addresses.  The  principle  command  is: 
whois  domain 

or 

whois  subdomain 

You  may  obtain  similar  information  concerning  European  hosts  by  telneting  to: 
whois.ripe.net 
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Electronic  Resources  for  Security  Related  Information,  continued 


Reference 

Services 


There  are  several  information  servers  that  allow  you  to  browse  the  network. 

•  “Archie”  is  an  information  locator  with  which  you  locate  anonymous  ftp 
files.  At  last  count,  it  could  locate  150  gigabytes  of  information  at  over 
1000  sites.  There  are  a  variety  of  ways  to  connect,  the  simplest  being  where 
you  telnet  to  one  of  the  server  sites  listed  in  the  appendix  and  log  in  as 
“archie”  (no  password  is  required). 

•  “Gopher”  is  an  Internet  resource  locator.  Its  preferred  access  is  through 
client  software  on  a  PC  or  workstation,  but  it  can  be  accessed  through  telnet 
from  a  terminal. 

•  The  “Wide  Area  Information  Server”  (WAIS)  is  a  text  retrieval  system 
freely  available  from  Thinking  Machines  Corporation. 

•  The  “World  Wide  Web”  (WWW  or  W3)  provides  for  the  global  sharing  of 
academic  information.  Its  source  is  available  through  anonymous  ftp  from 
CERN.  Its  growth  has  exploded  in  the  last  year  (1994). 

•  “Mosaic”  is  a  rapidly  growing,  popular  “hypermedia”  implementation  of 
WWW.  According  to  its  creators,  it  is  “an  Internet-based  global 
hypermedia  browser  that  allows  you  to  discover,  retrieve,  and  display 
documents  and  data  from  all  over  the  Internet.”  It  appears  to  be  emerging 
as  a  potential  de  facto  standard.  Mosaic  has  the  added  virtue  that  it  can 
reference  most  other  services,  such  as  Gopher  and  ftp  (see  the  appendix  in 
this  document). 

•  “Hytelnet”  is  a  library  catalog  reference  service. 


Reference  services  are  emerging  as  value  added  facilities  to  search  through  the 
ever  increasing  quantities  of  information  available  through  the  Internet.  They 
have  the  potential  to  do  everything  from  locating  a  source  of  Macintosh  anti¬ 
viral  software  to  providing  the  weather  report  for  a  city  that  you’re  visiting 
tomorrow. 
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Electronic  Resources  for  Security  Related  Information,  continued 


USEnet  News  USEnet  news  is  the  interactive  news  service  of  the  network.  The  security 

specialist  can  selectively  read  postings  on  computer  security,  viruses,  privacy 
issues,  attacker  methodologies  (by  the  attackers),  specific  hardware  and 
software,  and  so  on.  The  specialist  can  correspond  with  the  authors  either 
privately  or  through  the  news  service.  USEnet  is  an  excellent  way  of  not  only 
learning  what’s  happening,  but  meeting  contemporaries.  As  with  any  news 
source,  one  should  independently  verify  the  information. 

USEnet  news  (sometimes  referred  to  as  netnews)  is  selectively  accessed  through 
various  news  reader  applications.  The  news  groups  are  hierarchically  defined; 
some  major  roots  are  listed  in  the  appendix.  The  news  reader  application  for  the 
purposes  this  discussion  is  rn. 

Netnews  is  a  methodology  for  exchanging  information  on  a  common  topic. 
Original  articles  are  “postings”  from  individuals.  Readers  may  then  post  replies 
to  postings,  replies  to  replies,  and  so  on.  This  sequence  started  by  the  original 
posting  is  called  a  “thread.”  News  reader  applications  allow  you  to  “kill” 
(eliminate)  a  posting,  thread,  or  news  group.  Conventionally,  if  replies  contain 
the  text  of  the  referenced  posting,  it  should  be  indented  and/or  preceded  by  a 
distinguishing  character,  usually  >.  Since  replies  can  be  nested,  one  frequently 
sees  postings  including  various  levels  of  indentation.  As  a  matter  of  practicality 
and  courtesy,  subject  lines  should  be  clear  and  concise. 

The  “m”  news  reader  is  run  by  entering: 

rn 

You  will  be  asked  if  you  want  to  subscribe  to  recently  added  news  groups. 

When  that  query  is  finished,  you  will  then  be  asked  to  read  specific  groups.  You 
can  answer  yes,  no,  or  ^uit,  or  you  can  enter  a  news  group  level  command.  Eor 
example,  to  read  the  news  group  “alt.security”,  type: 

g  alt.security 

at  any  point.  You  will  then  be  shown  the  chronologically  oldest  article.  Note 
that  all  articles  have  sequential  numbers.  You  can  mark  the  article  as  read  and 
go  on  by  entering  k.  You  can  read  the  next  article  by  entering  n.  You  can  save 
an  article  by  typing  s.  You  can  get  a  list  of  all  articles  by  entering  =.  There  are 
other  commands  that  allow  you  to  navigate  through  a  selected  news  group.  You 
can  get  help  by  typing  h .  Note  that  you  must  first  quit  reading  one  news  group 
before  you  can  go  to  another.  Once  you  are  back  at  the  selection  level,  there  are 
many  commands  that  allow  you  to  navigate  through  that  process.  Einally,  you 
can  exit  completely  by  typing  q  at  the  selection  level. 


1 5  Forgeries  (known  as  “spoofing”)  are  possible  and  do  occur  occasionally. 

^  ®  If  you  see  a  —more—(x%)  prompt  at  the  bottom  of  the  screen  and  are  unfamiliar  with  more  protocol,  note  the  following.  Pressing 
the  space  bar  advances  one  page  and  typing  q  quits  reading  that  article.  You  may  also  type  most  other  m  commands,  for  example 
n  or  =. 
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Electronic  Resources  for  Security  Related  Information,  continued 


The  DOE 

Automated 

Departmental 

Directives 

System 

(ADDS) 


The  DOE  Automated  Departmental  Directives  System  (ADDS)  is  a  database  of 
current  DOE  and  Headquarters  Orders,  Notices,  and  Secretary  of  Energy 
Notices.  It  features  menu-driven  text  search  and  retrieval  and  reports  providing 
summaries  of  current  and  newly  issued  Directives.  The  recommended  ADDS 
workstation  is  an  IBM  PC  (or  compatible)  with  communication  software  (the 
ETTERM  Eile  Transfer  and  Terminal  Emulator  Program  is  “strongly 
recommended”),  dial  out  capabilities,  a  Hayes  compatible  or  BISCOMP  modem 
supporting  V.22  or  V.32  protocol  or  DPU  in  headquarters,  and  an  attached 
printer.  To  register,  submit  DOE  forms  1450.5  and  1450. 5A  to  Chief,  Human 
Resource  Information  Systems,  U.S.  Department  of  Energy,  AD-123/E-109, 
Washington,  DC  20585.  Eor  further  information  or  questions,  contact  George 
Hofman  at  (301)  903-2870. 


The  National 
Institute  of 
Standards 
and 

Technology 

(NIST) 

Electronic 

Bulletin 

Board 

Services 


The  National  Institute  of  Standards  and  Technology  (NIST)  maintains  four 
electronic  bulletin  board  systems  for  information  exchange: 

•  Computer  security 

•  Data  management  activities  and  applications 

•  Open  Systems  Interconnections  standards  activities 

•  North  American  Integrated  Services  Digital  Network  (ISDN)  Users’  Eorum 
(NIUE) 

The  telephone  numbers  appear  in  the  appendix  of  this  document. 


The  DOE 

Computer 

Incident 

Advisory 

Capability 

(CIAC)  File 

Server  and 

Electronic 

Bulletin 

Board  System 


The  DOE  Computer  Incident  Advisory  Capability  (CIAC)  provides  an 
electronic  bulletin  board  service  as  well  as  anonymous  ftp.  These  are  in  addition 
to  their  bulletins  and  advisories,  which  are  distributed  electronically,  in  hard 
copy,  and  (if  of  immediate  importance)  by  EAX  to  DOE  sites.  The  BBS  and  ftp 
services  contain  similar  information,  where  the  BBS  is  for  those  without 
Internet  access.  They  both  feature  CIAC  and  other  response  team  bulletins, 
virus  information,  computer  security  related  shareware,  utilities,  and  so  on. 
Access  information  to  these  services  appears  in  the  appendix  of  this  document. 
Use  of  the  BBS  is  menu  driven  and  self  explanatory.  An  example  of  access  to 
ftp  services  appears  in  the  appendix  (note  that  the  current  name  “CIAC.llnl.gov” 
will  be  changing  to  “ciac.llnl.gov”  in  the  near  future).  A  draft  summary 
document  for  using  both  resources  appears  in  the  appendix.  CIAC  will  be 
publishing  user  documentation  for  both  services  in  the  future.  If  you  need 
further  information  or  help,  call  the  CIAC  hotline  at  (510)  422-8193. 
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Electronic  Resources  for  Security  Related  Information,  continued 


The  National 
Computer 
Security  Center 
(NCSC) 

DOCKMASTER 


DOCKMASTER  is  a  (Multics-based)  subscription  service  of  the  National 
Computer  Security  Center  (NCSC),  that  they  consider  an  “Information  Security 
Showcase.”  Its  large  repertoire  of  available  services  (its  users  manual  is  over 
one  hundred  pages)  includes  E-mail,  electronic  bulletin  boards,  and  allows 
hands-on  software  evaluation.  Its  Evaluated  Products  Eist  rates  computers  and 
computer  security  products.  Users  can  access  online  documents  (such  as  the 
Orange  Book),  participate  in  online  discussions,  and  learn  about  computer 
security  conferences.  Users  can  connect  to  DOCKMASTER  through  MIENET 
(part  of  the  Internet),  TYMNET  (a  packet  switching  service),  and  local  dial-in. 

A  registration  packet  may  be  requested  by  writing  to  NCSC,  Eort  George  G. 
Meade,  MD  20755-6000 — Attn:  DOCKMASTER  Accounts  Administrator. 

Note  that  Eederal  employees  are  “User  Type  3”,  contractors  are  “User  Type  6” 
and  the  project  should  be”  Catwalk”  unless  you  were  specifically  assigned 
another  one.  The  resource  guide  for  DOCKMASTER  appears  in  the  appendix  of 
this  document.  Eurther  information  is  available  by  calling  (410)  850-4446 — and 
they  are  very  helpful. 
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Appendix  A 


Glossary  and  Notation 


[Note:  Unix  commands  are  case  sensitive.] 


Term  Description 


{} 

[] 

<> 

* 


anonymous  ftp 

archie 

bbs 

bold  type 

bold  italics 

’bots 

CIAC 

.com 

<CR> 

cracker 

CPSR 

CUD 

cyberspace 

CERT 

des 

DNS 

.edu 

EFF 

faq 

FCC 

(F/C) 

finger 

FIRST 

flame 

freeware 

ftp 

FTS 

fyi 

gif 


alternate  choice  for  the  preceding  item 

containing  optional  command  switches;  also,  part  of  file  name  syntax  for  some 
anonymous  ftp  servers 

containing  descriptions  of  fields  for  commands,  such  as  file  names 

wildcard  character  in  file  name  specification 

hold  down  control  key  while  depressing  character  following  the  ^ 

recursive  wildcard  directory 

ftp  service  not  requiring  a  secret  password 

Internet  ftp  file  locator  reference  service 

electronic  bulletin  board  system 

things  that  are  particularly  helpful  to  attackers/hackers 

user  input  in  examples 

(from  robots)  routines  to  simulate  intelligent  activity  on  an  IRC  channel 

(the  DOE)  Computer  Incident  Advisory  Capability 

commercial  organization  Internet  address  domain 

carriage  return — Return  key  pressed  by  user 

term  for  computer  criminal  (see  also,  hacker) 

Computer  Professionals  for  Social  Responsibility 
Computer  Underground  Digest 

the  conceptual  location  of  electronic  interconnections  and  communications 
Computer  Emergency  Response  Team 
Data  Encryption  Standard 

Domain  Name  Service — methodology /implementation  for  routing  TCP/IP 
messages 

educational  institution  Internet  address  domain 

Electronic  Frontier  Foundation;  organization  advocating  open  information  on  the 

Internet  (among  other  things) 

frequently  asked  questions 

Federal  Communications  Commission 

FTS  and  commercial  telephone  number 

Unix  command  to  obtain  user  information  at  a  local  or  remote  host 
Forum  of  Incident  Response  and  Security  Teams 

posting  critical  and  sometimes  derogatory  comments  in  reply  to  a  posting 
software  freely  distributed  at  no  cost  with  owner  maintaining  all  rights 
file  transfer  protocol;  used  to  send  or  receive  files  over  the  Internet 
Federal  Telephone  System 
for  your  information 

graphic  file  format  used  to  exchange  pictures 
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gopher 


Internet  resource  locator 
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Glossary  and  Notation,  continued 


Term 

•gov 

hacker 

handle 

HP 

HTML 

HTTP 

HYTELNET 

IITE 

italics 

IRC 

ISDN 

ISS 

IT 

kerberos 

kill 

MD5 

.mil 

MIME 

mirror 

NASIRC 

NCSC 

.net 

NES 

NIC 

Nil 

NIST 

•org 

OSI 

PCMCIA 

pern 

PgP 

phreaks 

posting 

/pub 

public  domain 

remailer 

rfc 

ripem 

m 

SERT 

sha 

shareware 

sysop 

.tar 
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Description 

government  agency  Internet  address  domain 

ambiguous  term  for  computer  criminal  (original  hackers  were  tinkerers  in  the 
positive  sense;  see  also,  cracker) 

electronic  pseudonym  used  for  effect  and/or  to  mask  identity 
Hewlett-Packard 

HyperText  Markup  Eanguage  -  “mark  up”  language  for  Mosaic  hypertext 

HyperText  Transfer  Protocol 

Internet  library  reference  service 

Information  Infrastructure  Task  Eorce 

defined  terms  (in  text) 

Internet  relay  chat;  enhanced  multi-member  electronic  conversation 
integrated  services  digital  network;  voice,  data,  etc.,  on  the  same  transmission 
media 

Internet  Security  Scanner — a  tool  for  checking  vulnerabilities 
Information  Technology — a  blanket  term  for  computer,  network,  information 
related  activities 

DES-based  encryption  scheme — intuitively,  a  distributed  security  server 
(reading  news)  eliminate  a  posting,  thread,  or  newsgroup 
message  digest  algorithm  for  cryptographic  checksums 
military  organization  Internet  address  domain 
Multipurpose  Internet  Mail  Extensions 

duplication  of  an  ftp  distribution  site  to  share  distribution  overhead 
NASA  Automated  Systems  Incident  Response  Capability 
National  Computer  Security  Center 

backbone  networking  organization  Internet  address  domain 
Network  Eile  System 

Network  Information  Center;  assigns/maintains  Internet  addresses 

National  Information  Infrastructure 

National  Institute  of  Standards  and  Technology 

non-profit  organization  Internet  address  domain 

Open  Systems  Interconnection  (networking  standards) 

Personal  Computer  Memory  Card  International  Association 

privacy  enhanced  mail 

pretty  good  privacy  (enhanced  mail) 

attackers  who  specialize  in  telephone  systems  (freaks  with  a  “ph”) 

USEnet  news  article 

top  level  directory  usually  reserved  for  public  anonymous  ftp  documents 

software  released  into  the  public  domain,  having  no  owner  or  use  restrictions 

a  site  that  forwards  mail  anonymously,  removing  any  identity 

request  for  comment;  technical  information  notes 

riordan's  Internet  privacy  enhanced  mail 

Unix  read  news  utility 

Security  Emergency  Response  Team  (Australia) 
secure  hash  algorithm 

low  cost  software,  freely  distributed  with  “voluntary”  payment  requested  from 
satisfied  users 

system  operator  (especially  BBS) 

Unix  file  name  suffix;  Unix  archive  program  format;  use  tar  -fx  filename  to  retrieve 
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Glossary  and  Notation,  continued 


Term 

TCP/IP 

telnet 

thread 

TIS 

Unix 

URL 

.Z 


Description 

transport  Control  Protocol/Intemet  Protocol;  networking  protocol  originally  for 
Unix  and  now  most  other  operating  systems  as  well;  used  for  the  Internet 
remote  terminal  protocol;  used  to  login  to  remote  hosts  on  the  Internet  (primarily 
Unix) 

original  posting  and  all  subsequent  replies  to  that  posting 
Trusted  Information  Systems — developers  of  pern 

generic  term  for  a  number  of  similar  operating  systems  originally  developed  by  Bell 
Labs 

Uniform  (sometimes  Universal)  Resource  Locator:  addresses  for  WWW/Mosaic 
Unix  file  name  suffix;  compressed  format  for  transmission;  use  uncompress  to 
expand 
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Anonymous  ftp  Sites 


Format: 


ftp  internet  address: optional  directory 

Log  in  as  anonymous,  and  enter  your  username  and  E-mail  address  when  prompted  for  a 
password.  Directories  usually  begin  /pub  unless  otherwise  specified.  This  is  not  a  complete  list.  You 
can  often  find  additional  information  by  viewing  the  parent  directories  of  listed  specific 
subdirectories.  Numeric  addresses,  when  available,  appear  in  parentheses. 


internet  address: 

optional  directory  Description/Comment 


ames.arc.nasa.gov:pub/SPACE 

apple.apple.com 

aql.gatech.edu:/pub/ef^CUD 

(128.61.10.53) 

aql.gatech.edu:/pub/security/iss 

archive.cis.ohio-state.edu 

arisia.xerox.com 

arizona.edu 

arthur.cs.purdue.edu:/pub/pcert/tools/unix 
/netlog-1.02.tar.g 
arthur .  c  s .  purdue .  edu : /pub/report  s 
/TR823.PS.Z 

ashley .  cs .  widener .  edu  :/pub/src/adm 
/shadow-3. 1.4.  tar  .Z 
aql.gatech.edu 
athena-dist.mit.edu 
ba.com 

bcm.tmc.edu:/pcnfs/pcnfsd.92. 1 1 .05. tar  .Z 

beach.utmb.edu 

bell.com 

black.ox.ac.uk  (129.67.1.165)  :/src/security 
boombox  .micro .  umn .  edu :  /pub/gopher 
bruno.cs.colorado.edu 
byrd.mu.wvnet.edu  /pub/ejvc 
/EJVC.INDEX.FTP 
cert.org:/pub/virus-l/docs 
cert.org:/pub/. . . 
coast.cs.purdue.edu 
coast.cs.purdue.edu:/pub/aux 
consultant .  micro .  umn  .edu 
coomb  s .  anu .  edu .  au :  /pub/irc 
crl .  dec .  com:/pub/DEC/ultrix-f aq .  txt 
cs.bu.edu:/IRC/support 
cs.bu.edu:/pub/listserv 
cs.utah.edu:/pub 

cs.uwp.edu:/pub/msdos/wp/passwp.zip 

csn.org 


NASA  information,  images,  etc. 
Apple/Macintosh 

CUD 

security  utilities 
security  software 
message-digest  software 
astronomy  programs 

Unix  security  tools 

password  information 

password  management 
ISS 

kerberos  software 
Bell  Atlantic 
Sun  patches 

anti-virus  software  backup  site 
telecommunications  information 
security  information 
gopher  reference  service  software 
? 

Electronic  Journal  on  Virtual  Culture 

Virus-E  documentation 

security  information  (e.g.,  COPS,  npasswd) 

security  tools  archive 

security  archive 

electronic  bookstore 

IRC  information 

Ultrix  faq 

IRC 

list  server  software 
? 

breaking  WordPerfect  encryption 
security,  etc. 
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Anonymous  ftp  Sites,  continued 


internet  address: 
optional  directorv 


Description/Comment 


cpsr.org:/cpsr/clinton 

crvax.sri.com 

csrc.nist.gov:pub/. . .  (129.6.54. 1 1) 
cv.vortex.com:/privacy 
dartvax.dartmouth.edu:/pub/security 
/passwd+.tar.Z 
dartmouth.edu 

decuac .  dec .  com:/pub/DEC/ultrix-f aq .  txt 
dftnic .  gsfc .  nasa.  gov :  [ .  FILES .  MAC  ] 

M  ACSECURE3 1  .HQX  { SIT } 
dg-rtp.rtp.dg.com(128.222.E2) 
dhvx20.csudh.edu:/global_net 
drgate  .dra.com:/pub/gpo 
ds.intemic.net:pub/the-scientist 
educom.edu 
eecs.nwu.edu 
emx.utexas.edu 

etext.archive.umich.edu/pub/CuD/cud 

(141.211.164.18): 


white  house  documents 
RISKS  digest 

NIST  BBS,  security  bulletins,  first  contacts 
privacy  forum  archives 

password  security  (Unix) 
security  software 
Ultrix  faq 

anti-virus  software 
Data  General  security  patches 
global  network 
GPO  BBS 

The  Scientist  (periodical) 
information  technology  news 
security  software 
security  software 

CUD 


eugene.utmb.edu:/pub/pgp  pgp 

eugene.utmb.edu:/pub/virus-software/pc  { macintosh } 

anti-virus  software 


export.lcs.mit.edu 
faui43.informatik.uni-erlangen.de 
first.org:/pub 
freebie .  engin .  umich .  edu 
ftp .  acsu  .buffalo .  edu  :/pub/IRC 
ftp. apple.com:dts/mac/sys. soft/imaging 
ftp.bio.indiana.edu:/util/gopher 
ftp.bsdi.com 
ftp.census.gov:/pub 
ftp.cert.org:/pub/tools 
ftp.cic.net 
ftp .  cisco,  com/pub 
ftp .  cni  .org  :/CNI/documents/f arnet 
/stories -index 


astronomy  programs 
IRC 

security  information 

IRC  client/server  software  ftp  site 

IRC  client/server  software  ftp  site 

Apple  utilities 

gopher  software 

BSDI 

Census  bureau 
security  tools 
Internet  use  instruction 
Cisco  (Router/Firewall  Vendor) 

Coalition  for  Networked  Information  Internet 


Information 


ftp.ccmail.com  security  upgrades 

ftp.cco.caltech.edu:/pub/bjmccall  white  house  documents 

ftp.comlab.ox.ac.uk:/pub/Zforum  Z  specification  language 

ftp.cs.berkeley.edumcb/sendmail  security  software 

ftp.cs.bul.nl  foreign  nodes 

ftp.cs.purdue.edu:/pub/spaf/. . .  security  tools 

ftp.cs.purdue.edu:/pub/spaf/COAST 

/Tripwire  Tripwire  security  software 

ftp.cs.ttu.edu:/pub/asciiart  ascii  art 

ftp.cs.uwm.edu:pub/comp-privacy  computer  privacy  information 

ftp.cs.widener.edu:/pub/zen/. . .  Zen  and  the  Art  of  the  Internet:  A  Beginner’s  Guide  to 

the  Internet 
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Anonymous  ftp  Sites,  continued 


internet  address: 
optional  directory 

ftp .  cs .  wise .  edu  :/connec  tivity_table 
ftp. cwru.edu:/security/unix-sec  urity.ps 
ftp.delmarva.com:pub/security 
ftp.denet.dk:/pub/misc/cm200-UFC.tar.Z 
ftp.digital.com:/pub/Digital/info 
ftp.ee.mu.oz.au:/pub/text/Cud/. . . 
ftp.eff.org:/pub/CUD/. . .  (192.88.144.4) 
ftp .  eff .  org  :/pub/IRC/lumberj  ak.  shar 
ftp.einet.net 

ftp. eit.com:/pub/web. guide/ 
ftp.es.net:/pub/networking-info/eam 
/nettools.ps{txt} 
ftp .  es .  net  :/pub/security 
ftp.etext.org:/Zines/InterText 
ftp .  eunet .  no :  /pub/text/online .  txt 
ftp.fcc.gov 

ftp.funet.fi:/pub/unix/mail/zmailer/ 
ftp@ghost.dsi.unimi.it:/pub/crypt/sci.crypt 
ftp.greatcircle.com:pub/firewalls 
FTP .  Create  ircle .  COM  :pub/archive 
/firewalls  .Z 

ftp.gwu.edu:/pub/hoffman 

ftp.hep.net 

ftp.inoc.dl.nec.com:pub/security/. . . 
(143.101.112.3) 

ftp.informatik.uni-hamburg.de:/pub/virus 

/texts/security 

ftp.informatik.uni-hamburg.de:/pub/virus 

/texts/tests 

ftp.informatik.uni-hamburg.de:/pub/virus 
/texts/catalog/msdosvir.zip 
ftp .  isoc .  org/isoc/charts 
ftp.lm.com:pub/interpedia 
ftp  maristb.marist.edu 
ftp.ncsa.uiuc.edu 

ftp.ncsa.uiuc.edu:/Mosaic  ( 141 . 142.20.50) 
ftp.nec.com:/pub/security/socks/cstc 
ftp.next.com  /pub/NeXTanswers/Files 

ftp.netsys.com 

ftp.nisc.sri.commetinfo/interest-groups 

ftp.nisc.sri.com:pub/zone 

ftp.ntia.doc.gov 

ftp.oar.net:/pub/OARnet/doc/oarsec.PS.Z 

ftp.ox.ac.uk 

ftp.pica.army.mil 

ftp.pnl.gov  in  the  directory :/pub/pnlinfo 
ftp.psy.uq.oz.au:/pub/DES 
ftp.qucis.queensu.ca:pub/dalamb/ 
college-email 


Description/Comment 

international  connectivity  table 

Unix  security 

firewalls  information 

password  cracker 

Digital  Equipment  Corporation 

computer  underground  digest 

computer  underground  digest,  indices,  etc. 

IRC 

gopher  sources 

directory  of  Cyberspace  resources 

Internet  resource  guides 
security  information 
Intertext  electronic  periodical 
network  information — shareware  book 
ECC 

more  secure  mailer  (than  sendmail) 

cryptography 

firewalls  information 

firewalls  digest 

cryptography 

High  Energy  Physics 

computer  security  tools 

security  documents 

virus  archives 

MS-DOS  virus  information 
Internet  statistics 
electronic  encyclopedia 
white  house  documents 
NCSA  telnet 
Mosaic/WWW  software 
SOCKS 

NeXT  patches  and  security  alerts 
computer  underground  publications 

mailing  lists,  security,  etc. 

definitions  of  Internet  zones 

National  Information  Infrastructure 

Internet  security 

cryptography 

privacy  issues 

gopher  software 

des 

how  to  find  E-mail  addresses 
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Anonymous  ftp  Sites,  continued 
internet  address: 

optional  directory  Description/Comment 


ftp.rpi.edu 

ftp.sco.com 

ftp.sei.cmu.edu:  /pub/dvk/passwd.ps 
ftp.senate.gov 

ftp. sert.edu. au:/security/sert/tools 

ftp.sgi.com:/pub/sgi/IRIX 

ftp.sti.nasa.gov 

ftp.sura.net:pub/nic 

ftp .  tansu .  com.  au  :/pub/docs/security 

ftp.telebit.com:/pub/nomad/. . . 

ftp.temple.edu:pub/info/help-net 

ftp.tis.com 

ftp.tis  .com:pub/firewalls 
ftp .  ucsd.edu :  hamradio/packet/tcpip/crypto 
(128.54.16.7) 

ftp .  uni .  edu :  /pub/archie/clients 
ftp.unt.edu:/pub 
ftp.usask.ca:/pub/hytelnet/pc 
(128.233.3.11) 

ftp .  utdallas .  edu  :/pub/staff/billy/libguide 
(129.110.10.1) 
ftp.uu.net 

ftp.uu.net:/tmp/CUPindex 

ftp.uu.net:~ftp/systems/sun/sun-dist 

ftp.win.tue.nl 

ftp .  win .  tue .  nl :  /pub/s  ecurity 
/tcp_wrappers_6 . 3 .  shar  .Z 
ftpserver.massey  .ac  .nz  :/pcnfs  .sun 
furmint.nectar.cs.cmu.edu/security 
garbo.uwasa.fi:/pc/util/wppass2.zip 
gatekeeper.dec.com  (16.1.0.2) 
gatekeeper.dec.com:pub/DEC/DECinfo 
/DECnews-EDU 

gatekeeper .  dec .  com:/pub/DEC/ultrix-f aq .  txt 

gatekeeper.decwrl.com 

gate.demon.co.uk 

ghost.dsi.unimi.it:/pub/crypt 

ghost.dsi.unimi.it:/pub/security/atp.tar.Z 

gopher.uiuc.edu 

gs80.sp.cs.cmu.edu:/usr/anon/public 

/space-tech 

hafnhaf .  micro .  umn  .edu 

halcyon.com:/pub/mirror/CUD/. . . 
(202.135.191.2) 

hopf.math.nwu.edu:pub/gn/gn-0.6.tar.Z 
ibml  .cc.lehigh.edu 
idlastro.gsfc.nasa.gov 
ietf.cnri.reston.va.us:/oc/inet93 


computer  mediated  communications 
SCO  Unix  patches 
password  security 
U.S.  Senate 

tools  from  Australian  SERT 
SGI  patches 
NASA  information 
network  guides  and  resources 
security  documentation 
network  observations 

glossary  of  computer  oriented  abbreviations  and 

acronyms 

pern 

Internet  firewall  toolkit  and  papers 
des  source 

archie  client  software 

computer  and  network  security  information 

HYTEENET  software 

Internet  library  guide 

dictionaries,  astronomy  programs 

CUD  index 

sun  patches 

TCP  security  tools 

TCP  wrappers 
sun  patches 
security 

breaking  WordPerfect  encryption 

Third  party  software  for  DEC  systems 

DECNEWS  electronic  periodical 
Ultrix  faq 

PgP 

cryptography 

anti-tampering  program,  etc. 
electronic  bookstore 

technical  space  information 

“Electronic  Government  Information  Service” 

mirror  of  ftp.eff.org 

gopher  software  (GN) 

Virus-E  archives 

astronomy  library 

INET  conference  proceedings 
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Anonymous  ftp  Sites,  continued 
internet  address: 

optional  directory  Description/Comment 


iitf.doc.gov 

info.umd.edu 

info.umd.edu:/info/Computers/PC/Unix 
/uuexe520.zip 
iraunl.ira.uka.de 
CIAC.llnl.gov  (128.115.19.60) 
iris  1  .ucis  .dal.ca:pub/gif 
iskut.ucs.ubc.ca:/pub/Internet-drafts 
/draft-rsadsi-rivest-md5-02.txt 
jbcondat®  attmail.com 
jerico.usc.edu:pub/gene/kk 
Julius  .cs  .qub .  ac  .uk:pub/SpaceDigestArchive 
kampi.hut.fi 

kidd.vet.purdue.edu:/pub/users/wam 

/docs/legal 

mac .  archive .  umich .  edu 
mac .  archive  .umich .  edu  :/mac/util/encryption 
mcafee.com 
mrcnext.cso.uiuc.edu 
mcsun.eu.net 
more  @  hpc  wire,  ans  .net 
naic.nasa.gov:files/general_info 
/earn-resource-tool-guide.ps, 
earn-resource-tool-guide.txt 
nasirc.nasa.gov 

net.tamu.edu:pub/security/TAMU 

net-dist.mit.edu:/pub/PGP 

net-dist.mit.edu:  /pub/TechMail-PEM 

netlib@research.att.com 

network.ucsd.edu:/intertext  (128.54.16.3) 

nevada.edu:/pub/liaison/govmmnt.zip 

nic.funet.fi 

nic  .merit.edu:documents/fyi 
nis.nsf.net:/documents/rfc/. . . 
nnsc.nsf.net 
nri.reston.va.us:/ietf 

ns.ripe.net:earn/earn-resource-tool-guide.ps, 

earn-resource-tool-guide.txt 

nysernet.org:pub/resources/guides 

oak.oakland.edu 

oak.oakland.edu:pub/msdos/virus 

ocf.berkeley.edu:/pub/Library /poetry 

otabbs.ota.gov 

pcl0868.pc.cc.cmu.edu 

pencil.cs.missouri.edu:/pub/crypt 

photol.si.edu 

pioneer.unm.edu:pub/info/beginner-info 
pit-manager.mit.edu:/pub/usenet/. . . 
prep.ai.mit.edu 


Nil 

Univ.  of  Maryland  information/programs 

virus  survey 
security,  IRC 
CIAC 

Voyager,  Hubble,  etc.  GIFs 

MD5  description 
Chaos  digest  -  mail  server 

cryptographic  papers 
Space  Digest 
DBS  software 

computer  security  documents 
Macintosh  archives 
Macintosh  encryption 
anti-virus  products 
project  Gutenberg  online  text 
windows  security 
technical  news  stories 


network  resources 

NASIRC  archives 

Texas  AMU  security  tools 

PGP 

PEM 

compilers 

electronic  periodical 

Government  information  on  the  Internet 

network  information  center,  Finland 

network  guides  and  resources 

“requests  for  comments”standards 

Internet  documents 

Internet  Engineering  Task  Force 

network  resource  guide 
network  guides  and  resources 
large  software  repository 
virus  information 
poetry 

Office  of  Technology  Assessment  (U.S.  Federal) 
lists 

pretty  good  privacy  (enhanced  mail) 

Smithsonian  photos 
space  imagery  data 
faqs  for  the  newsgroups 
general  including  fax  security 
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Anonymous  ftp  Sites,  continued 
internet  address: 

optional  directory  Description/Comment 


prep.ai.mit.edu:/pub/gnu/fax-3.2. 1  .tar.Z 

princeton.edu:/pub/pgp20 

pubinfo.jpl.nasa.gov 

pyrite.rutgers  .edu 

ras  c  al .  ic  s .  utexas .  edu :  mac/virus  -  * 

Research. att.com:dist/Intemet_security 

red.css.itd.umich.edu:/CUD/. . . 

rtfm.mit.edu 

rogue.llnl.gov 

ripem.msu.edu 

ripem.msu.edu:pub/crypt 

risc.ua.edu:/pub/ibm-anti- virus 

rpub.cl.msu.edu 

rsa.com:/pub/... 

rsa.com:/rsaref/dist/930105 

rtfm.mit.edu:/pub/usenet 

rutgers.edu 

sl.gov:/pub/socks. tar.Z 
s6k.boulder.ibm.com 
sc .  tamu  .edu  :pub/security/T  AMU 
sipb.mit.edu:/pub/diswww/diswww.tar.gz 
slopoke.mlb.  semi.harris  .com:/pub/IRC 
soda.berkeley.edu:/pub/cyberpunks 
soda.berkeley.edu:/pub/cyberpunks/pgp 
software.watson.ibm.com 
solbourne .  solboume  .com 
src.doc  .ic .  ac  .uk:/computing/comms/irc 
src  .doc  .ic .  ac  .uk:/public/sun/pc-nfs 
/pcnfsd.92. 1 1 .05. tar.Z 
src-aux.src.umd.edu 
sumex-aim.stanford.edu 
sumex-aim.stanford.edu:/info-mac/virus 
sunsite.unc.edu 
sunsite .  unc .  edu  :/home3/wais 
/white-house-papers 
sunsolve  1  .sun.com:/pub/patches 
sl.gov 

techreports.larc.nasa.gov:pub/techreports 

/larc/92 

thumper.bellcore.com:/pub/skey 
thumper.bellcore.com:/pub/crypt 
Town. Hall. Org 
uiunix.ui.org 

una.hh .  lib  .umich .  edu  :/inetdir  s  stacks 
unma.unm.edu 

urvax.urich.edu:  [MSDOS.  ANTI- VIRUS] 
/info-mac/virusux  I .  cso  .uiuc .  edu : 
/pc/virus 


net  fax  software 

pretty  good  privacy  (enhanced  mail) 

JPL 

security  mailing  list 

anti-virus  software 

papers  on  firewalls  and  break  ins 

mirror  of  ftp.eff.org 

computer  security  information 

DECnet  security  tools 

ripem  programs 

encryption  software 

anti-virus  software 

RSAREF 

cryptography 

RIPEM,  RSAREE 

USEnet  faq  archive 

Columbia  University  Appletalk 

Unix  security 

IBM  security  fixes 

network  security  tools 

electronic  conferencing  source  (Discuss) 

IRC  client/server  software  ftp  site 

remailer  usage 

PgP 

IBM  fixes 

Solbourne  information  (including  security  fixes) 
IRC  information 

Sun  patches 

Macintosh  information/software 
Apple  software 
anti-virus  software 
linux  fixes 

white  house  documents 
SUN  patches 
security  software 

NASA  technical  reports 

s/key  one  time  password  software 

cryptography 

Edgar — Securities  and  Exchange  information 
Unix  standards 
Internet  resource  guides 
ethics,  policy,  legislation 


anti-virus  software 
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internet  address: 

optional  directory  Description/Comment 


ucsd.edu:/hamradio/packet/tcpip/crypto 

/des.tar.Z 

uunet.uu.netxomp. sources. misc 
/volume23/smiley/part0 1  .Z 
venera.isi.edu 
Vitruvius .  cecer.  army  .mil 
van-bc.wimsey.bc.ca:/pub/crypto/PGP-2.1 
world.std.com:/OBS 

/The.Internet.Companion/ 
wsmr-simtel20.army.mil 
wsmr-simtel20.army  .mil:PD  1 : 

<MSDOS  .TRO  JAN-PRO> 

{ PD3  :<MACINTOSH.  VIRUS> } 
wuarchive.wustl.edu 
wuarchive.wustl.edu.:  /doc/misc/* 
wuarchive.wustl.edu:ftp/usenet 
/comp,  virus/* 

wuarchive.wustl.edu:usenet 
/comp,  sources. misc/volume23 
/smiley /partOl.Z 


DBS  code 

smiley  sources 
DNS  tools 
binary  gifs 
PgP 

Internet  documentation 
large  software  repository 


anti-virus  software 
largest  software  repository 
documentation 

Unix  security 


smiley  sources 


Finger  Sources 

These  are  usually  electronic  “tidbits”  you  may  obtain  by  typing: 
finger  <sourcename> 


For  example,  to  obtain  local  Livermore,  CA  weather,  type: 
finger  weather@icaen.llnl.gov 


12/94 


Electronic  Resources  for  Security  Related  Information  CIAC-2307 


A-11 


BBSs 


BBS 

cc:Mail  BBS 
CIAC 


U.S.  Commerce  Department 
Internet  access 


Access  Methods 

(415)  691-0401 

(510)  423-4573  (1200/2400  baud);  (510)  423-3331  (9600 
baud) 

(202)  482-3870  (2400  baud);  (202)  482-2167  (9600  baud) 
Telnet  to  “ebb.stat-usa” 


Fedworld  BBS,  access  to 
federal  information  services, 

versatile,  complex  (703)  321-8020  (sys  op  (703)  487-4608)) 


IITF  bulletin  board 
Backup 
Internet  access 
Questions 


(202) 501-1920 
(202) 482-1199 

Telnet  to  “iitf.doc.gov”  and  log  in  as  gopher 
(202)  482-1835;  E-mail  cfranz@ntia.doc.gov 


NIST  computer  security 
Internet  access 


(301)  948-5717  (2400  baud  or  less);  (301)  948-5140  (9600 
baud) 

Telnet  to  “cs-bbs.ncsl.nist.gov”  (129.6.54.30) 


NIST  data  management  activities 

and  applications  (301)  948-2048  or  (301)  948-2059  (2400  baud  or  less) 


NIST  open  systems 

interconnection  standards  (301)  869-8630  (2400  baud  or  less) 


NIST  North  American  Integrated 
Services  Digital  Network 

User’s  Forum  (301)  869-7281  (2400  baud  or  less) 


The  Privacy  Rights  Clearinghouse 

BBS  Direct  access:  (619)  260-4670 

At  the  local  prompt  enter  c  teetot 
At  the  login  prompt  enter  privacy 
Follow  instructions  for  new  users 

Internet  access  Telnet  to  “teetot.acusd.edu”  and  follow  the  above  steps 


Read  the  USEnet  newsgroup  “alt.bbs”  for  information  about  bulletin  board  services. 
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IRC  (Internet  Relay  Chat)  Conferencing 


Location 

#hack 

bradenville.andrew.cmu.edu 

cc.nsysu.edu.tw 

chatsubo.nerce.govrlogin  bbs 

ircserver.itc.univie.ac.at  6668 

IRC.ibmpcug.co.uk  9999 

IRC.santafe.edu 

cs.bu.edu:/IRC/clients 

ftp .  ac  su .  buff alo .  edu :  /pub/IRC 

freebie .  engin .  umich .  edu 

slopoke .  mlb .  semi .  harris  .com:/pub/IRC 

(US)badger.ugcs.caltech.edu 

csd.bu.edu 

disuns2.epfl.ch 

IRC.caltech.edu 

munagin.ee.mu.oz.au 

nic.funet.fi 

penfold.ece.uiuc.edu 

sunsystem2.informatik.tu-muenchen.de 

ucsu.colorado.edu 

ug.cs.dal.ca 


Description 

attacker  channel  (there  are  many  other  channels, 
most  legitimate) 

telnet  server 

telnet  server  -  login:  IRC 
telnet  server 
telnet  server 
telnet  server 

telnet  server  -  login:  IRC 

IRC  client/server  software  ftp  site 
IRC  client/server  software  ftp  site 
IRC  client/server  software  ftp  site 
IRC  client/server  software  ftp  site 
IRC  server  site  (US) 

IRC  server  site  (East  Coast  US) 

IRC  server  site  (Switzerland) 

IRC  server  site  (West  Coast  US) 

IRC  server  site  (Australia) 

IRC  server  site  (Finland) 

IRC  server  site  (Midwest  US) 

IRC  server  site  (Germany) 

IRC  server  site  (US) 

IRC  server  site  (Canada) 
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List  Servers/Information  Sources 


List  Server/Source  Description 


bugtraq-request  @  fc.net 

cert@cert.org 
cert@cert.org 
ciac-listproc@llnl.gov 
ciac-listproc@llnl.gov 
comp-privacy-request  @  pica. army  .mil 
gopher-news-request@boombox. 
micro.umn.edu 

interpedia-request  @  telerama.lm.com 
isoc@nri.reston.va.us 
listproc  @  educom.edu 
listserv@itocsivm.csi.it 

LISTSERV@KENTVM.BITNET 

EISTSERV@EEHIGH.EDU 

EISTSERV@EEHIGH.EDU 

listserv  @  vmd.cso.uiuc.edu 

mac-security-request@eclectic.com 
Majordomo  @  GreatCircle.COM 
majordomo  @  is  .internic  .net 
Majordomo@Eists.EUnet.fi 
Majordomo  @  net.tamu.edu 
maj  ordomo  @  nsmx  .rutgers.edu 
pem-dev-request  @  tis  .com 
pem-info  @  tis .  com 
phrack@  well.sf.ca.us 
privacy-request@cv.vortex.com 
risks-request@csl.sri.com 
security-  alert  @  flatline .  corp .  sun .  com 
security-features  @  sun.com 
tkOj  ut2  @  mvs.cso.niu.edu 
dds.hacktic.nl 


bugtraq 

CERT  -  advisories 
CERT  -  tools 
CIAC  -  bulletin 
CIAC  -  notes 

computer  privacy  digest  subscription 

gopher  news  subscription 
Interpedia  online  encyclopedia 
Internet  Society  News 
EDUCOM  information  technology  news 
Network  Information  Retrieval  and  Online  Public 
Access  Catalogs 

HYTEE-E  list  sever  (Internet  library  guide) 
MS-DOS  viruses;  SUB  VIRUS-L yourfullname 
MS-DOS  viruses  alert;  SUB  VALERT-L 
yourfullname 

CUD,  SUB  CUDIGEST  YOUR  NAME 
Macintosh  security  subscription 
firewalls  and  firewalls-digest  subscription 
scout-report,  weekly  happenings 
cryptography;  SUBSCRIBE  CYPHERWONKS 
academic-firewalls 
WWW-sec  urity 
pern  subscription 

privacy  enhanced  mail  information 

Phrack  periodical 

privacy  forum  digest  subscription 

risks  digest  subscription 

Sun  security  information 

Sun  security  alerts 

Computer  Underground  Digest 

(telnet)  The  Digital  Cityt 
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Network  Information 


Telnet  to  “rs.internic.net”.  The  primary  command  is: 

whois  domain 
or 

whois  subdomain 
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Reference  Services 


Archie 


Gopher 

(Internet 

Resource 

Server) 


Archie  is  used  for  automated  anonymous  ftp  server  searches  (see  anonymous  ftp 
for  client  software).  There  are  multiple  file  locator  sites  (telnet  to  site  and  log  in 
as  archie): 

archie.rutgers.edu  (Rutgers  University) 
archie.unl.edu  (University  of  Nebraska  in  Lincoln) 
archie.sura.net  (SURAnet  archie  server) 
archie.ans.net  (ANS  archie  server) 


•  Client  software: 

boombox  .micro . umn .  edu : /pub/gopher 
ftp.bio.indiana.edu:/util/gopher 

•  Telnet  access: 

consultant.micro.umn.edu  (134.84.132.4) 
gopher.uiuc.edu  (128.174.33.160) 
panda.uiowa.edu  (128.255.40.201) 

•  Servers: 

ace.esusda.gov  -  Americans  Communicating  Electronically  (Department 
of  Agriculture) 
aclu.org  -  ACLU 
ba.com  -  Bell  Atlantic 
bell.com  -  telecommunications  information 
csbh.com  -  Computer  Solutions  by  Hawkinson 
cix.org  -  commercial  information 
cwis.usc.edu  -  Gopher  Jewels 

dewey.lib.ncsu.edu  -  North  Carolina  State  University  Library 
ds.internic.net  -  InterNIC  network  information  service 
educom.edu  -  EDUCOM  Documents  and  News 
fatty.law.cornell.edu  -  Cornell  Law  School 
fedix.fie.com  -  Eederal  Info.  Exchange  (EEDIX) 
gopher.acusd.edu  -  Privacy  Rights  Clearinghouse 
gopher.bcm.tmc.edu  -  Baylor  College  of  Medicine 
gopher.census.gov  -  Census  bureau 
gopher.cic.net  -  Internet  use  instruction 

gopher.cic.net:Electronic  Serials/ Alphabetic  List/e/Electronic  Journal  on 
Virtual  Culture/  -  Electronic  Journal  on  Virtual  Culture 
gopher.cni.org:70/l  1/cniftp/miscdocs/famet  -  Coalition  for  Networked 
Information  Internet  Information 
gopher.cpsr.org  -  CSPR 
gopher.cs.ttu.edu  -  Texas  Tech  University 
gopher.ed.gov  -  Department  of  Education 
gopher.eff.org  -  LEE 
gopher.epa.gov  -  EPA 
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Reference  Services,  continued 


gopher.es.net  -  Energy  Sciences  network 
gopher.esa.doc.gov  -  U.S.  Commerce  Department 
gopher.fcc.gov  -  FCC 
gopher.first.org  -  FIRST 

gopher.fonorola.net  -  Internet  Business  Journal  archives 
gopher.gsfc.nasa.gov  -  NASA  Goddard  Space  Flight  Center 
gopher.house.gov  -  U.S.  House  of  Representatives 
gopher.Internet.com  -  Electronic  Newsstand  information 
gopher.lanl.gov  -  Eos  Alamos  National  Faboratory 
gopher.law.csuohio.edu  -  Cleveland  State  University  Faw  Fibrary 
gopher.lib.umich.edu  -  University  of  Michigan  Fibraries,  Internet 
Resource  Guides 

gopher.nara.gov  -  National  Archives 

gopher.netsys.com  (port  2100)  -  Electronic  Newsstand  (problems:  E-mail 
to  staff@enews.com) 

gopher.nist.gov  -  National  Institute  of  Standards  and  Technology 
gopher.ox.ac.uk:The  World/Gopherspace/Alex  -  electronic  texts 
gopher.senate.gov  -  U.S.  Senate 

gopher-server.nist.gov  -  National  Institute  of  Standards  and  Technology 
(NIST) 

gopher.sti.nasa.gov 
gopher.tamu.edu  -  Texas  A&M 

gopher.tic.com  -  EFF-Austin/IMatrix  Information  and  Directory  Services, 
Inc.  (MIDS),  Austin 
gopher.town.hall.org  -  Internet  radio 
gopher.undp.org  -  United  Nations 
gopher.unr.edu  -  University  of  Nevada 
gopher.vortex.com  -  Vortex  Technology 

gopher. well.sf.ca.us  -  Whole  Earth  'Fectronic  Magazine  -  The  WEFF's 
Gopherspace 

gopher.wired.com  -  public  cryptography  issues 
hopf.math.nwu.edu  -  Internet  Society,  gopher  software 
ici.proper.com  -  Internet  Computer  Index 
ietf.CNRI.Reston.Va.US 
iitf.doc.gov  -  information  infrastructure 

info.asu.edu  -  electronic  periodicals  and  educational  gopher  sites 
info.learned.co.uk  -  FI  NewsWire  electronic  periodical 
internic.net  -  Network  Information  Center  Gopher 
jupiter.esd.ornl.gov  -  Oak  Ridge  National  Faboratory  ESD  Gopher 
krakatoa.jsc.nasa.gov  -  Fibrary  X  at  Johnson  Space  Center 
lawnext.uchicago.edu  -  University  of  Chicago  Faw  School 
liberty.uc.wlu.edu  -  Washington  &  Fee  University  (Fegal) 
marketplace.com  -  Internet  information  mall 
marvel.loc.gov  -  Fibrary  of  Congress  (FC  MARVEF) 
naic.nasa.gov  -  NASA  Network  Applications  and  Information  Center 
(NAIC) 

ns.novell.com  -  Novell  Netwire  Archives 
nstn.ns.ca  -  electronic  bookstore 

ntiaunixl.ntia.doc.gov  -  National  Information  Infrastructure 
ocs.dir.texas.gov  -  Department  of  Information  Resources  (State  of  Texas) 
pdb.pdb.bnl.gov  -  Brookhaven  National  Faboratory  Protein  Data  Bank 
rs.intemic.net  -  NIC 
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Reference  Services,  continued 


Wide  Area 

Information 

Server 


Worid  Wide 
Web/Mosaic 


sluava.slu.edu  -  Saint  Louis  University  (Legal) 

SunSITE.unc.edu  (152.2.22.81)  -  SUN  information 
technology.com  -  NASA  Mid-Continent  Technology  Transfer  Center 
tic.com  -  Texas  Internet  Consulting 
trainmat.ncl.ac.uk  -  network  training 
twinbrook.cis.uab.edu  -  Interpedia  project 

ucsbuxa.ucsb.edu  (port  3001)  -  University  of  California  -  Santa  Barbara 
Library 

una.hh.lib.umich.edu  -  University  of  Michigan  Internet  resource  guides 
vienna.hh.lib.umich.edu 

vx740.gsfc.nasa.gov  -  NASA  Shuttle  Small  Payloads  Info 

wired.com  -  writing 

wiretap.spies.com  -  Wiretap 

world.std.com  -  The  World  (Public  Access  Unix) 


brewster@think.com  -  E-mail  for  further  information 
quake.think.com  -  telnet  and  sign  on  as  “wais” 
wais.eff.org  -  EEE 


•  Client  software: 

info.cern.ch:/pub/wwwA\AVWEineModeDefaults.tar.Z  -  browser  source 
ftp.ncsa.uiuc.edu  (141.142.20.50)  -  Mosaic 

•  Servers  (Uniform  Resource  Locators): 

You  may  access  any  anonymous  ftp  server  xxx.yyy.zzz  as  ftp://xxx.yyy.zzz 
and  any  gopher  server  with  the  prefix  gopher://  as  illustrated  below.  The 
slashes  (/)  following  the  reference  address  delineate  directory,  subdirectory, 
...,  file  name  in  the  usual  Unix  notation. 

gopher://aclu.org:6601/l  -  ACEU 

gopher://arl.cni.org:70/l  1/scomm/edir  -  directory  of  electronic  journals 
gopher://ba.com  -  Bell  Atlantic 

gopher://gopher.es.net/ll/pub/security  -  Energy  Sciences  network 
gopher://ntiaunixl.ntia.doc.gov:70/lls/newitems  -  National  Information 
Infrastructure 

gopher://oss968.ssa.gov  -  Social  Security  Administration 
gopher://peg.cwis.uci.edu:7000/l  1/gopher. welcome/peg/GOPHERS/gov  - 
U.S.  Government 

gopher://rsl.ox. ac.uk:70/l  1/lib-com/hunter  -  electronic  texts 
gopher://una.hh.lib.umich.edU/l  1/inetdirs  -  University  of  Michigan 
http://aps.org/  -  American  Physical  Society 
http://www.ba.com  -  Bell  Atlantic 
http://csrc.ncsl.nist.gov/  -  EIRST 

http://curia.ucc.ie/info/net/acronyms/acro.html  -  Acronym  translator 
http://delcano.mit.edu/  -  NASA  planetary  data 
http://delcano.mit.edu/cgi-bin/midr-query  -  NASA  planetary  data 
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Reference  Services,  continued 


http://dfw.net/~alephl  -  cracker  home  page 

http://digicash.support.nl/  -  digital  cash 

http://ds.internic.net/ds/dsdirofdirs.html  -  InterNIC  network  information 
center 

http://educom.edu/.index.html  -  EDUCOM 
http://first.org  -  FIRST 

http://ftp.etext.org/Zines/InterText/intertext.html  -  electronic  periodical 
http://http2.sils.umich.edu/~lou/chhome.html  or  -  University  of  Michigan 
http://ici.proper.com  -  Internet  Computer  Index 
http://info.acm.org/  -  ACM 

http://info.cern.ch/hypertext/DataSources/bySubject/Overview.html  - 
WWW  virtual  library 

http://info.cern.ch/wit  -  WIT  WWW  conversation  software 
http://info.cern.ch/hypertext/WWW/Clients.htm  -  browser  programs 
http://info.cern.ch/hypertext/WWW/FAQ/Bootstrap.html  -  telnet 
accessible  browers 

http://info.cern.ch/hypertext/WWW/Shen/ref/shen.html  -  Mosaic  security 
http://info.isoc.org/interop-tokyo.html  -  Internet  information 
http://info.leamed.co.uk  -  LI  NewsWire  electronic  periodical 
http://jupiter.esd.oml.gov/  -  Oak  Ridge  National  Laboratory  BSD 
http://lcweb.loc.gov/homepage/lchp.html  -  Library  of  Congress 
http://login.eunet.no/(presno/  -  Online  World  resources  handbook 
http://marketplace.com  -  Internet  information  mall 
http://neamet.gnn.com/GNNhome.html  -  Global  Network  Navigator 
http://pass.wayne.edu/business.html  -  business  on  the  Internet 
http://peterhe.ulib.albany.edu/mk-docs/mk-isp.html  -  list  of  libraries 
http://power.globalnews.com/  -  PowerPC  News 
http  ://programs .  interop .  com 

http://pubweb.parc.xerox.com/map  -  Xerox  PARC  Map  Viewer 
http://pubweb.ucdavis.edu/Documents/Quotations/homepage.html  - 
quotations 

http://stardust.jpl.nasa.gov/pds_home.html  -  NASA  planetary  data 
http://sunsite.unc.edu/ianc/index.html  -  “Underground  music” 
http://web.nexor.co.uk/mak/doc/robots/robots.html  -  WWW  robots 
http://wombat.doc.ic.ac.uk/  -  Online  Dictionary  of  Computing 
http://www-ns.rutgers.edu/www-security/index.html  -  ’\\AVW  security 
http://www.anl.gov/oithome.html  -  Department  of  Energy 
http://www.census.gov/  -  Census  bureau 

http://www.cis.ohio-state.edu/hypertext/faq/usenet/FAQ-list.html  -  USEnet 
faqs 

http://www.charm.net/~web/Vlib.html  -  WWW  page  development 
http://www.commerce.net/directories/members/ns/new_ipower.html  - 
National  Semiconductor  security  products 
http://www.cs.colorado.edu/homes/mcbryan/public_html/bb/summary.html 
-  World-Wide  WAIS-Searehable  WWW  Catalogs 
http://www.di.unipi.it/iconbrowser/icons.html  -  Icon  Browser  at  Pisa 
University 

http://www.digital.com/home.html  -  Digital  Equipment  Corporation 
http://www.eam.net/lug/notice.html  -  list  servers 
http://www.ed.gov/  -  Department  of  Education 
http://educom.edu/  -  EDUPAGE 
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Reference  Services,  continued 


http://www.ee.surrey.ac.uk/edupage/edupage/  -  EDUPAGE  electronic 
periodical 

http://www.eecs.nwu.edu/hacker_crackdown/index.html  -  “The  Hacker 
Crackdown” 

http://www.eff.org/ftp/EFF  -  EFF 

http://www.eit.com/web/www.guide/  -  guide  to  Cyberspace 
http://www.ensta.fr/Internet/  -  Internet  “goodies” 
http://www.fedworld.gov  -  U.S.  Government  servers 
http://www.geom.umn.edu/docs/snell/chance/welcome.html  -  probability 
and  statistics 

http://www.hp.com  -  HP  Main  Welcome  Screen 
http://www.hpcc.gov/imp95/  -  High  Performance  Computing  and 
Communications 

http://www.hull.ac.uk/Hull/ITTI/itti.html  -  United  Kingdom's  Information 
Technology  Training  Initiative 

http://www.ictp.trieste.it/Canessa/whoiswho.html  -  Who’s  Who  on  the 
Internet 

http://www.ihep. ac.cn:3000/china.html  -  Peoples  Republic  of  China 
http://www.internic.net/  -  the  interNIC 

http://www.internic.net/infoguide.html  -  guide  to  Internet  WWW  resources 
http://www.jou.ufl.edu/commres/webjou.html  -  links  to  newspapers 
http://www.kiae.su/www/wtr/  -  Window-to-Russia 
http://www.lib.umich.edu/chhome.html  or  -  University  of  Michigan 
http://www.lib.virginia.edu/etext/ETC.html  -  University  of  Virginia 
http://www.llnl.gov  -  Fawrence  Fivermore  National  Faboratory 
http://www.media.org/  -  MIT  security  products 
http://www.mit.edu:8008/  -  electronic  conferencing  (Discuss) 
http://www.nara.gov  -  National  Archives 

http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/whats-new.html  - 
new  server  announcements 
http://www.netmarket.com/  -  encrypted  Mosaic 
http://www.openmarket.com/info/Internet-index/current.html  Internet 
tidbits 

http://www.ornl.gov/  -  Oak  Ridge  National  Faboratory 
http://www.research.att.com/  -  ATT  Bell  Fabs 
http://www.rpi.edu/~decemj/cmc/mag/current/toc.html  -  Computer- 
Mediated  Communication  Magazine 
http://www.rpi.edu/Internet/Guides/decemj/text.html  -  Internet  resources 
http://www.scubed.com: 8001/  -  IRS  and  state  tax  forms 
http://www.sei.cmu.edu/FrontDoor.html  -  Software  Engineering  Institute 
http://www.service.com/PAW/home.html  -  Palo  Alto  Weekly 
http://www.ssa.gov/SSA_Home.html  -  Social  Security  Administration 
http://www.tansu.com.au/Info/security.html  -  security  information 
http://www.tansu.com.au/hypermail/index.html  -  mailing  list  archives 
http://www.tis.com/  -  Trusted  Information  Systems 
http://www.town.hall.org/  -  Internet  radio 

http://www.tu-graz.ac.at/CHCIbib  -  Human  Computer  Interaction 
http://www.utirc.utoronto.ca:3232/HTMFdocs/NewHTMF/intro.htnil  - 
HTMF  documentation 

http://uu-gna.mit.edu: 800 1/uu-gna/text/index.html  -  texts  for  online  classes 
http://www.wais.com  -  Wide  Area  Information  Server 
http://www.wais.com/wais-dbs/risks-digest.html  -  risks  digest 
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http://www.willamette.edu/~tjones/Spanish  -  Spanish  lessons 
http://www.wired.oom  -  publio  cryptography  issues 
http://www.wsg.hp.com/  -  HP  Workstation  Systems  Group 
http://wwwhost.cc.utexas.edu/world/instruction/index.html  -  instructional 
uses  of  the  web 

http://130.20.92. 130:8001/esh/home2.htm  -  DOE  Office  of  Environment, 
Safety  and  Health 
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Remailers 


Edited  List 


Others 


1  hh@pmantis.berkeley.edu 

2  hh@cicada.berkeley.edu 

3  hh@soda.berkeley.edu 

4  nowhere@bsu-cs.bsu.edu 

5  remail@tamsun.tamu.edu 

6  remail@tamaix.tamu.edu 

7  ebrandt@jarthur.claremont.edu 

8  hal@alumni.caltech.edu 

9  remailer@rebma.mn.org 

10  elee7h5@rosebud.ee.uh.edu 

11  phantom@mead.u.washington.edu 

12  hfinney@shell.portal.com 

13  remailer@utter.dis.org 

14  OOx@uclink.berkeley.edu 

15  remail@extropia.wimsey.com 


Notes: 

1  through  6:  do  not  support  encrypted  headers. 

7  through  12:  support  encrypted  headers. 

9,  13,  15:  introduce  longer  than  average  delay;  privately  owned  machines. 
14:  public  key  not  yet  released. 

15:  header  and  message  must  be  encrypted  together. 


admin  @  anon.penet.fi 
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USEnet  News 


Relevant 
Major  Roots 


Relevant 

Groups 


alt  alternative,  testing 

comp  computer  related 

gnu  software  from  Free  Software  Foundation 

ieee  IEEE  related 

misc  miscellaneous 

sci  science 

talk  discussion  of  specific  topic 
vmsnetVMS  related 


austin.eff 

alt.bbs.lists 

alt.irc 

alt.privacy 

alt.  security 

alt.  security  .index 

alt.  security  .pgp 

bit.listserv.infonets 

bit. listserv.  virus-1 

comp.infosystems. gopher 

comp.org.eff.talk 

comp.risks 

comp,  security  .announce 

comp,  security  .misc 

comp.society.cu-digest 

comp,  society  .privacy 

comp,  sources  .binaries 

comp.sys.novell 

comp.virus 

misc. security 

sci.crypt 

sci.virus 
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Mail  Help 


Type  ?  at  the  mail  prompt  to  display  a  help  listing. 


cd  [directory] 
d  [message  list] 
e  [message  list] 
f  [message  list] 
h 

m  [user  list] 
n 

p  [message  list] 
pre  [message  list] 

q 

r  [message  list] 

R  [message  list] 
s  [message  list]  file 
t  [message  list] 
top  [message  list] 
u  [message  list] 

V  [message  list] 
w  [message  list]  file 

X 

z  [-] 

I 


chdir  to  directory  or  home  if  none  given 
delete  messages 
edit  messages 

show  from  lines  of  messages 
print  out  active  message  headers 
mail  to  specific  users 
go  to  and  type  next  message 
print  messages 

make  messages  go  back  to  system  mailbox 

quit,  saving  unresolved  messages  in  mbox 

reply  to  sender  (only)  of  messages 

reply  to  sender  and  all  recipients  of  messages 

append  messages  to  file 

type  messages  (same  as  print) 

show  top  lines  of  messages 

undelete  messages 

edit  messages  with  display  editor 

append  messages  to  file,  without  from  line 

quit,  do  not  change  system  mailbox 

display  next  [previous]  page  of  headers 

shell  escape 


A  [message  list]  consists  of  integers,  ranges  of  integers,  or  user  names  separated  by  spaces.  If 
omitted,  mail  uses  the  current  message. 
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ftp  Help 


To  display  help  about  ftp,  type  man  ftp  at  the  Unix  prompt. 
Use  these  commands  at  the  ftp>  prompt: 


append 

bye 

cd 

close 

delete 

dir 

disconnect 

help 

get 

led 

Is 

mdelete 

mdir 

mget 

mkdir 

mis 

mode 

mput 

open 

put 

pwd 

status 

user 


append  to  a  file 

terminate  ftp  session  and  exit 

change  remote  working  directory 

terminate  ftp  session 

delete  remote  file 

list  contents  of  remote  directory 

terminate  ftp  session 

print  local  help  information 

receive  file 

change  local  working  directory 
nlist  contents  of  remote  directory 
delete  multiple  files 

list  contents  of  multiple  remote  directories 
get  multiple  files 

make  directory  on  the  remote  machine 

nlist  contents  of  multiple  remote  directories 

set  file  transfer  mode 

send  multiple  files 

connect  to  remote  tftp 

send  one  file 

print  working  directory  on  remote  machine 

show  current  status 

send  new  user  information 
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List  Server  Commands 


Commands  are  listed  in  alphabetical  order,  with  the  minimum  acceptable  abbreviation  in  capital 
letters.  Angle  brackets  are  used  to  indicate  optional  parameters.  All  commands  which  return  a  file 
accept  an  optional  “F=fformat”  keyword  (without  the  quotes)  that  lets  you  select  the  format  in  which 
you  want  the  file  sent;  the  default  format  is  normally  appropriate  in  all  cases.  Some  esoteric, 
historical  or  seldom-used  commands  and  options  have  been  omitted. 


List  Subscription  Commands  (from  most  to  ieast  important) 


SUB  scribe  listname  <full_name> 


Subscribe  to  a  list,  or  change  your  name  if  already 
subscribed 


SIGNOFF 

listname 

* 

*  NETWIDE 


Remove  yourself: 

Erom  the  specified  list 
Erom  all  lists  on  that  server 
Erom  all  lists  in  the  network 


SET 


listname  options  Alter  your  subscription  options: 

ACK/NOACK/MSGack  -  Acknowledgments  for  postings 

CONCEAE/NOCONCEAE  -  Hide  yourself  from  REVIEW 

Eiles/NOEiles  -  Toggle  receipt  of  non-mail  files  from  the  list 

Mail/NOMail  -  Toggle  receipt  of  mail 

DIGests/INDex  -  Ask  for  digests  or  message  indexes  rather  than 

getting  messages  as  they  are  posted 
REPro/NOREPro  -  Copy  of  your  own  postings? 

TOPICS:  AEE  -  Select  topics  you  are  subscribed  to 

<-i-/->topicname  (add/remove  one  or  replace  entire  list) 


Options  For  Mail  Headers  of  Incoming  Postings  (Choose  One) 

EUEEhdr  or  EUEEBsmtp  -  "Pull"  mail  headers 

lETPhdr  -  Internet-style  headers 

SHORThdr  or  SHORTBsmtp  -  Short  (default)  headers 

DUAEhdr  -  Dual  headers,  useful  with  PC  or  Mac  mail 

programs 

CONPIRM  listname  1  <listname2  <. . .»  Confirm  your  subscription  (when  EISTSERV  requests 

it) 

Other  List-Related  Commands 

INDex  listname  Sends  a  directory  of  available  archive  files  for  the  list, 

ifcpostings  are  archived 
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List  Server  Commands,  continued 


Lists 

<option> 

Send  a  list  of  lists  as  follows: 

(no  option) 

Eoeal  lists  only,  one  line  per  list 

Detailed 

Eoeal  lists,  full  information  returned  in  a  file 

Global 

All  known  lists,  one  line  per  list,  sent  as  a  (large!) 
file 

Global  /xyz 

Only  those  whose  name  or  title  eontains  “xyz” 

SUMmary  <node> 

Membership  summary  for  all  lists  on  speeified 
node 

SUMmary  AEE 

Eor  all  nodes  (long  output,  send  request  via  mail!) 

SUMmary  TOTAE 

Just  the  total  for  all  nodes 

Query 

listname 

Query  your  subseription  options  for  a  partieular  list 
(use  the  SET  eommand  to  ehange  them) 

* 

Query  all  lists  you  are  subseribed  to  on  that  server 

REGister 

full_name 

Tell  your  name  to  EISTSERV,  so  that  you  don't  have 
to  speeify  it  on  subsequent  SUBSCRIBES 

GEE 

Make  EISTSERV  forget  your  name 

REView 

listname  <options> 

Get  information  about  a  list 

BY  sort_field 

Sort  list  in  a  eertain  order: 

Country 

by  eountry  of  origin 

Name 

by  name  (last,  then  first) 

NODEid 

by  nodeid 

Userid 

by  userid 

BY  (fieldl  field2) 

You  ean  speeify  more  than  one  sort  field  if 
enelosed  in  parentheses:  BY  (NODE  NAME) 

Countries 

-  Synonym  of  BY  COUNTRY 

EOCal 

Don't  forward  request  to  peers 

Msg 

Send  reply  via  interaetive  messages  (BITNET 
users  only) 

NOHeader 

Don't  send  list  header 

Short 

Don't  list  subseribers 

STats 

listname  <options> 

Get  statistics  about  a  list 

EOCal 

Don't  forward  to  peers 

Informational  Commands 

Help 

Obtain  a  list  of  commands 

Info 

<topic> 

Order  a  EISTSERV  manual,  or  get  a  list  of  available 
ones  (if  no  topic  was  specified) 

Query 

Eile  fn  ft  <filelist>  <options> 

Get  date/time  of  last  update  of  a  file,  and  GET/PUT 
file  access  code 

EEags 

Get  additional  technical  data  (useful  when 
reporting  problems  to  experts) 

REEEASE 

Eind  out  who  maintains  the  server  and  the  version  of 

the  software  and  network  data  files 
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SHOW  <function> 

ALIAS  nodel  <node2  <...» 
BITEARN 
DISTribute 

DPATHs  nodel  <node2  <. . .» 

DPATHs  * 

Fixes 

LINKS  nodel  <node2  <. . .» 

NADs  nodel  <node2  <. . .» 

NETwork 
NODEntry  nodel  <node2  <...»- 
NODEntry  nodel  /abc*/xyz 

PATHS  snode  nodel  <node2  <...» 

STATs 
(no  function) 


Display  information  as  follows: 

BITNET  nodeid  to  Internet  hostname  mapping 
Statistics  about  the  BITEARN  NODES  file 
Statistics  about  DISTRIBUTE 
DISTRIBUTE  path  from  that  server  to  specified 
node(s) 

Full  DISTRIBUTE  path  tree 
List  of  fixes  installed  on  that  server 
Network  links  at  the  BITNET  node(s)  in  question 
Addresses  LISTSERV  recognizes  as  node 
administrators 
Statistics  about  the  network 
BITEARN  NODES  entry  for  the  specified  node(s) 
Just  the  “:xyz.”  tag  and  all  tags  whose  name  starts 
with  “abc” 

-  BITNET  path  between  “snode”  and  the 
specified  node(s) 

Usage  statistics  (default  option) 

Same  as  SHOW  STATS 


Commands  Related  to  File  Server  Functions 


AFD 


FUI 

GET 


Automatic  File  Distribution 

ADD  fn  ft  <filelist  <prolog»  Add  file  or  generic  entry  to  your  AFD  list 

DELete  fn  ft  <filelist>  Delete  file(s)  from  your  AFD  list  (wildcards  are 

supported) 

List  Displays  your  AFD  list 

For  node  administrators: 

FOR  user  ADD/DEL/LIST  etc  Perform  requested  function  on  behalf  of  a  user  you 

have  control  over  (wildcards  are  supported  for  DEL 
and  LIST) 


File  Update  Information:  same  syntax  as  AFD,  except 
that  FUI  ADD  accepts  no  “prolog  text” 

fn  ft  <filelist>  <options>  Order  the  specified  file  or  package 

PROLOGtext  xxxx  -  Specify  a  “prolog  text”  to  be  inserted  on  top  of  the 

file 


GIVE  fn  ft  <filelist>  <TO>  user 


Sends  a  file  to  someone  else 


INDex  <filelist> 


Same  as  GET  xxxx  FILELIST  (default  is  LISTSERV 
FILELIST) 


PW 


function 


ADD  firstpw 

CHange  newpw  PW=oldpw 
DELete  oldpw 


Define/change  a  "personal  password"  for  protecting 
AFD/FUI  subscriptions,  authenticating  PUT 
commands,  and  so  on 

Define  a  password  for  the  first  time 
Change  password 
Delete  password 
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List  Server  Commands,  continued 


SENDme 


Same  as  GET 


Other  (Advanced)  Commands 

DATAbase  function  Access  EISTSERV  database: 

Search  DD=ddname 

<ECHO=NO>  -  Perform  database  search  (see  INEO  DATABASE 

for  more  information  on  this) 

Eist  -  Get  a  list  of  databases  available  from  that  server 

REERESH  dbname  -  Refresh  database  index,  if  suitably  privileged 

DBase  Same  as  DATABASE 


DISTribute  <type>  <source>  <dest>  <options>  Distribute  a  file  or  a  mail  message  to  a  list  of 

users  (see  INEO  DIST  for  more  details  on  the  syntax) 

Type: 

MAIE  -  Data  is  a  mail  message,  and  recipients  are  defined 

by  “<dest>” 

EIEE  -  Data  is  not  mail,  recipients  are  defined  by  “<dest>” 

REC822  -  Data  is  mail  and  recipients  are  defined  by  the 

REC822  “To:”  /  “cc:”  fields 

Source: 

DD=ddname  -  Name  of  DDname  holding  the  data  to  distribute 

(default:  “DD=DATA”) 

Dest: 

<TO>  userl  <user2  <. . .»  -  Eist  of  recipients 

<TO>  DD=ddname  -  One  recipient  per  line 

Options  for  the  general  user: 

ACK=NOne/MAIE/MSG  -  Acknowledgement  level  (default:  ACK=NONE) 

CANON=YES  -  “TO”  list  in  “canonical”  form  (uidl  nodel  uid2 

node2...) 

DEBUG=YES  -  Do  not  actually  perform  the  distribution;  returns 

debug  path  information 

INEORM=MAIE  -  Send  file  delivery  message  to  recipients  via  mail 

TRACE=YES  -  Same  as  DEBUG=YES,  but  file  is  actually 

distributed 

Options  requiring  privileges: 

EROM=user  -  Eile  originator 

EROM=DD=ddname  -  One  line:  “address  name” 

EOR  user  command  Execute  a  command  on  behalf  of  another  user  (for 

node  administrators) 

SERVE  user  Restore  service  to  a  disabled  user 

THANKs  Check  if  the  server  is  alive 


UDD  Access  the  User  Directory  Database  (there  are  18 

functions  and  many  sub-functions,  so  the  syntax  is  not 
given  here) 
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List  Server  Commands,  continued 


Syntax  of  Parameters 


filelist 

fformat 

fn 

ft 

full_name 

listname 

node 

pw 

user 


1  to  8  characters  from  the  following  set:  A-Z  0-9  $#@-i-_: 

Netdata,  Card,  Disk,  Punch,  LPunch,  UUencode,  XXencode,  VMSdump,  MIME/text, 
MIME/Appl,  Mail 
same  syntax  as  “filelist” 
same  syntax  as  “filelist” 

firstname  <middle_initial>  surname  (*not*  your  E-mail  address) 
name  of  an  existing  list 

BITNET  nodeid  or  Internet  hostname  of  a  BITNET  machine  which  has  taken  care  of 
supplying  a  “:Internet tag  in  its  BITEARN  NODES  entry 
1  to  8  characters  from  the  set:  A-Z  0-9  $#@_-?!l% 

Any  valid  REC822  network  address  not  longer  than  80  characters;  if  omitted,  the 
“hostname”  part  defaults  to  that  of  the  command  originator 
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rn  Help 


To  display  help  about  m,  type  man  rn  at  the  Unix  prompt 
Use  these  commands  at  the  Newsgroup  Selection  command  level: 


y,  SP 
•cmd 

u 

c 

n 

N 

P 

P 

1 

A 

$ 

g  name 

/pat 

?pat 

1  pat 
m  name 
o  pat 
a  pat 
L 
& 

&switch  {switch} 

&& 

&&def 

!cmd 

q 

X 


V 


Do  this  newsgroup  now. 

Do  this  newsgroup,  executing  cmd  as  first  command. 

Start  this  newsgroup,  but  list  subjects  before  reading  articles. 

Unsubscribe  from  this  newsgroup. 

Catch  up  (mark  this  newsgroup  all  read). 

Go  to  the  next  newsgroup  with  unread  news. 

Go  to  the  next  newsgroup. 

Go  to  the  previous  newsgroup  with  unread  news. 

Go  to  the  previous  newsgroup. 

Go  to  the  previously  displayed  newsgroup. 

Go  to  the  first  newsgroup. 

Go  to  the  first  newsgroup  with  unread  news. 

Go  to  the  last  newsgroup. 

Go  to  the  named  newsgroup.  Subscribe  to  new  newsgroups  this  way  too. 
Search  forward  for  newsgroup  matching  pattern. 

Search  backward  for  newsgroup  matching  pattern.  (Use  *  and  ?  style  patterns. 
Append  r  to  include  read  newsgroups.) 

List  unsubscribed  newsgroups  containing  pattern. 

Move  named  newsgroup  elsewhere  (no  name  moves  current  newsgroup). 

Only  display  newsgroups  matching  pattern.  Omit  pattern  to  unrestrict. 

Like  o,  but  also  scans  for  unsubscribed  newsgroups  matching  pattern. 

List  current  .newsrc. 

Print  current  command  line  switch  settings. 

Set  (or  unset)  more  command- line  switches. 

Print  current  macro  definitions. 

Define  a  new  macro. 

Shell  escape. 

Quit  rn. 

Quit,  restoring  .newsrc  to  its  state  at  startup  of  rn. 

Edit  the  global  KILL  file.  Use  commands  like  /pattern/j  to  suppress  pattern  in 
every  newsgroup. 

Print  version. 


Use  these  commands  at  the  Article  Selection  command  level: 


n,  SP 

N 

AN 

P,  P, 
number 


Scan  forward  for  next  unread  article. 

Go  to  next  article. 

Scan  forward  for  next  unread  article  with  same  subject. 
Same  as  n,  N,  ^N,  only  going  backward. 

Go  to  previously  displayed  article  number. 

Go  to  specified  article. 
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rn  Holp,  Continued 


range  { , range } :  command  { :  command } 

Apply  one  or  more  commands  to  one  or  more  ranges  of  articles. 

Ranges  are  of  the  form:  number  I  number-number.  You  may  use  for 
the  current  article,  and  “$”  for  the  last  article. 

Valid  commands  are:  e,  j,  m,  M,  s,  S,  and  I. 

/pattem/modifiers  Scan  forward  for  article  containing  pattern  in  the  subject  line. 

(Use  ?pat?  to  scan  backwards;  append  “h”  to  scan  headers,  “a”  to  scan 
entire  articles,  “r”  to  scan  read  articles,  “c”  to  make  case  sensitive.) 


/pattem/modifiers :  command  { :  command } 


f,F 

Apply  one  or  more  commands  to  the  set  of  articles  matching  pattern. 
Use  a  K  modifier  to  save  entire  command  to  the  KILL  file  for  this 
newsgroup.  Commands  “m”  and  “M”,  if  first,  imply  an  “r”  modifier. 
Valid  commands  are  the  same  as  for  the  range  command. 

Submit  a  followup  article  (F  =  include  this  article). 

r,  R 

Reply  through  net  mail  (R  =  include  this  article). 

e  dir{lcommand} 

Extract  to  directory  using  /bin/sh,  uudecode,  or  specified  command. 

s  ... 

Save  to  file  or  pipe  via  sh. 

S  ... 

Save  via  preferred  shell. 

w,  W 

Like  s  and  S  but  save  without  the  header. 

I  ... 

Same  as  si... 

c 

Cancel  this  article,  if  yours. 

^R,  V 

Restart  article  (v=verbose). 

Restart  article,  rotl3  mode. 

c 

Catch  up  (mark  all  articles  as  read). 

b 

Back  up  one  page. 

Refresh  the  screen.  You  can  get  back  to  the  pager  with  this. 

X 

Refresh  screen  in  rotl3  mode. 

A 

Go  to  first  unread  article.  Disables  subject  search  mode. 

$ 

Go  to  end  of  newsgroup.  Disables  subject  search  mode. 

# 

Print  last  article  number. 

& 

Print  current  values  of  command  line  switches. 

(feswitch  {switch} 

Set  or  unset  more  switches. 

&& 

Print  current  macro  definitions. 

&&def 

Define  a  new  macro. 

j 

Junk  this  article  (mark  it  read).  Stays  at  end  of  article. 

m 

Mark  article  as  still  unread. 

M 

Mark  article  as  still  unread  upon  exiting  newsgroup  or  Y  command. 

Y 

Yank  back  articles  marked  temporarily  read  via  M. 

k 

Kill  current  subject  (mark  articles  as  read). 

K 

Mark  current  subject  as  read,  and  save  command  in  KILL  file. 

Edit  local  KIEE  file  (the  one  for  this  newsgroup). 

= 

Eist  subjects  of  unread  articles. 

u 

Unsubscribe  from  this  newsgroup. 

q 

Quit  this  newsgroup  for  now. 

Q 

Quit  newsgroup,  staying  at  current  newsgroup. 
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CIAC  Electronic  Bulletin  Board  and  ftp  Summary  Guide 


The  following  information  was  provided  by  the  guide’s  author.  Note  that  the  name  of  the  anonymous 
ftp  server  will  be  changing  to  “CIAC”  at  a  later  date. 

The  FELICIA  Virus  Bulletin  Board  System  and  the  CIAC  Anonymous  FTP  Server 
Computer  Security  Information  Sources  for  the  DOE  Community — Executive 
Summary 

by 

William  J.  Orvis 

The  Computer  Incident  Advisory  Capability  (CIAC)  operates  two  file  servers  for  the  DOE 
community,  FELICIA  (formerly  FELIX),  and  CIAC.  FELICIA,  is  a  computer  Bulletin  Board 
System  (BBS)  which  is  available  via  telephone  using  a  modem.  CIAC  is  an  anonymous  FTP  server 
on  the  Internet.  Both  of  these  file  servers  contain  all  of  the  publicly  available  CIAC,  CERT,  NIST, 
and  DDN  bulletins,  virus  descriptions,  the  Virus-L  moderated  virus  bulletin  board,  copies  of  public 
domain  and  shareware  virus  detection/protection  software,  and  copies  of  useful  public  domain  and 
shareware  utility  programs. 

ACCESSING  FELICIA 

FELICIA  is  a  BBS  connected  to  the  telephone  system.  To  access  it  with  a  modem  and  a  terminal,  set 
up  your  system  as  8  bit,  no  parity,  and  one  stop  bit.  The  access  numbers  (commercial  and  FTS)  are: 

(510)423-4753  -  2400  baud  or  slower 
(510)423-3331  -  9600  baud  V.32  or  slower 

The  first  time  you  call  in,  you  will  have  to  register  your  name  and  address.  To  download  or  read 
files,  switch  to  the  file  section  and  follow  the  directions.  Most  of  the  popular  downloading  protocols 
are  available,  including  XMODEM,  YMODEM,  SEALink,  and  Kermit. 

ACCESSING  CIAC 

CIAC  is  an  anonymous  FTP  server  on  the  Internet,  so  you  must  have  Internet  access  to  use  it.  Note 
that  CIAC.llnl.gov  will  change  to  ciac.llnl.gov  in  the  near  future.  Use  one  of  the  following 
commands  to  run  FTP  with  CIAC’  Internet  address: 

ftp  CIAC.llnl.gov 
or 

ftp  128.115.19.53 

When  you  are  connected  to  CIAC,  if  you  get  the  username  prompt,  type  anonymous;  otherwise,  type 
user  anonymous . 

when  you  are  asked  for  a  password,  type  your  E-mail  address  (e.g.,  jones@llnl.gov.) 

There  is  a  document  explaining  the  directory  of  downloadable  files  stored  in  the  file  0-index. txt  in 
the  first  level  directory.  All  the  computer  security-related  files  and  documents  are  in  subdirectories 
of  the  directory  /pub/ciac. 
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To  download  files,  use  the  GET  or  MGET  command  (see  below).  The  file  0-index.txt  in  each 
directory  lists  the  other  files  in  that  directory  and  briefly  describes  their  contents.  The  file  news.txt  in 
the  /pub/ciac  directory  contains  a  list  of  the  new  files  placed  in  the  archive. 

Use  the  following  commands  to  move  around  the  directory  system  and  download  files: 

cd  Change  directory,  follow  with  the  path  to  the  directory  you  want  to  access. 

Use  as  the  directory  name  to  backup  one  directory  or  to  backup  to 
the  root  directory. 

Is  Eist  the  contents  of  a  directory. 

binary  Change  the  mode  for  downloading  files  to  binary.  Execute  this  command 
before  downloading  anything  but  pure  text  files,  to  insure  that  you  get  an 
unmodified  file. 

ascii  Change  the  mode  for  downloading  to  ASCII.  If  you  have  switched  to 

binary  mode,  execute  this  command  before  downloading  pure  text  files. 

ETP  automatically  changes  the  end  of  line  characters  to  the  ones  your 
machine  expects. 

get  Get  a  file.  Eollow  this  command  with  the  name  of  the  file  you  want  to 
download  to  your  machine. 

mget  Multiple  Get.  Eollow  this  command  with  a  file  name  that  includes 

wildcard  characters  to  select  and  download  multiple  files.  The  wildcard 
character  stands  for  any  number  of  any  characters,  and  “?”  stands  for 
any  single  character. 

SCANNING  DOWNEOADED  SOETWARE 

As  with  any  software  you  obtain,  you  should  exercise  caution  and  scan  individual  software  packages 
before  using  the  software  for  the  first  time.  Unless  otherwise  indicated,  all  software  on  EEEICIA  and 
CIAC  has  been  scanned  for  known  viruses,  but  it  is  advisable  to  scan  all  downloaded  software  using 
the  most  recent  version  of  a  virus  scanning  tool.  Be  sure  to  scan  archived  applications  after  they  have 
been  extracted  from  the  .ZIP,  .ARC,  or  SIT  archive,  as  scanning  software  cannot  currently  detect  a 
virus  within  an  application  until  it  is  in  an  executable  form. 

DOWNEOADING  CONSIDERATIONS 

If  you  are  downloading  to  a  Macintosh,  be  sure  to  use  the  Text  version  of  the  downloading  protocol 
(e.g.,  Text-XMODEM,  Text-YMODEM,  etc.,  for  downloads  from  EEEICIA  and  ASCII  mode  on 
CIAC)  on  your  Macintosh  when  downloading  pure  text  files  or  unformatted  documents.  The  text 
version  of  the  downloading  protocol  corrects  for  the  difference  in  the  end  of  line  characters  used  on 
the  PC  and  Macintosh  systems  (the  PC  wants  a  CR-EE  at  the  end  of  a  line  while  the  Macintosh 
wants  a  CR  only.)  When  downloading  a  binary  Macintosh  file  such  as  a  program  file  or  a  formatted 
document,  be  sure  to  set  the  MacBinary  form  of  the  protocol  (e.g.,  MacBinary-XMODEM  for 
downloads  from  EEEICIA,  and  Binary  mode  on  CIAC)  on  your  Macintosh.  If  you  forget  to  do  this, 
you  can  still  do  the  conversion  later  using  the  Apple  Eile  Exchange  utility  included  with  the 
Macintosh  system. 
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CIAC  Electronic  Bulletin  Board  and  ftp  Summary  Guide,  continued 


Downloadable  PC-DOS/MS-DOS  files  are  either  text  files  (.TXT),  zip  or  arc  archives  (.ZIP  or 
.ARC)  or  executables  (.COM  or  .EXE).  Text  files  and  executables  can  be  downloaded  directly  and 
used.  Be  sure  to  use  a  binary  downloading  capability  (e.g.,  XMODEM)  for  the  executable  files  and 
archives.  Elies  in  ZIP  archives  must  be  extracted  after  downloading  with  PKUNZIP  before  they  can 
be  used.  Macintosh  files  in  SIT  archives  must  be  extracted  with  Stuffit  before  they  can  be  used. 
Macintosh  files  in  .CPT  archives  must  be  extracted  with  Compactor  or  Extractor.  SEA  files  are  self 
extracting  archives  and  need  no  archiving  program.  Archiving  utilities  for  both  PC  and  Macintosh 
files  are  available  in  their  respective  file  sections. 

USING  SHAREWARE 

If  you  are  using  a  shareware  package  downloaded  from  EEEICIA  or  any  other  source,  be  sure  to 
follow  the  instructions  in  the  package  for  compensating  the  author.  The  cost  is  generally  minimal 
($10  to  $50),  for  some  very  useful  applications. 
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DOCKMASTER  Resource  Guide 


This  guide  was  provided  by  the  NCSC. 

DOCKMASTER  has  a  multitude  of  resources  concerning  computer  security  available  to  our  users. 
These  resources  include  papers  on  viruses  and  other  related  issues,  Internet  resources,  technical 
guidelines  (Rainbow  Series  books  and  pamphlets),  and  forum  meetings.  The  following  information 
is  available  to  most  users  on  the  DOCKMASTER  system.  To  review  the  documents  listed,  the  user 
can  change  his/her  working  directory  to  the  indicated  directory.  The  command  to  do  this  is  “cwd 
pathname”  where  the  pathname  will  be  given  above  each  list  of  documents  in  that  directory.  The 
“list”  command  will  display  the  contents  of  that  directory. 

example:  cwd  >site>net>papers 

>site>net>papers 

.  Virus  frequently  asked  questions 
.  Site  security  handbook 
.  GAO  report  on  the  Internet  Worm  incident 
.  VirusIOI 

.  NIST  paper  on  computer  viruses  and  related  threats 
.  Improving  Unix  systems  security 
.  GOSIPdraft2 

>site>net>Internet 

.  All  kinds  of  information  on  Internet  resources  including  what 
it  is,  its  uses,  a  new  user’s  guide  and  many  more. 

>site>net>irg 

.  Several  directories  containing  the  chapters  from  the  Internet 
Resources  Guide 

>site>net>rfcs 

.  Many  Request  for  Comments  (REC)  documents.  These  documents 
cover  subjects  ranging  from  protocols  for  system  to  system 
communications;  standards  for  network  managers;  X.400  and  other 
protocols;  addressing  schemes;  etc.  The  main  library  is  located 
at  the  Network  Information  Center  better  known  as  the  NIC.  There 
is  an  index  of  all  RECs  located  at  the  NIC  in  this  directory. 

>site>pubs 

.  Orange  book  in  HyperCard  version  2.01 
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>site>pubs>criteria 

.  ITSEC  (Information  Technology  Security)  paper 
.  MSRF  (Minimum  Security  Fundamental  Requirements)  paper 
.  FC-Scope  paper  -  a  joint  statement  by  the  NIST  and  NSA  on  the 
Federal  Criteria. 

>site>pubs>guidelines 

.  Trusted  Database  Interpretation  (TDI) 

.  Trusted  Distribution  Guidelines  (TD) 

.  Audit  in  Trusted  Systems 
.  Computer  Security  Subsystems 
.  Computer  Viruses 
.  Configuration  Management 
.  Degausser  Product  Fist 
.  Design  Documentation 
.  Discretionary  Access  Control 
.  Endorsed  Tools  Fist 
.  Formal  Verification  Systems 
.  Glossary  of  COMPUSEC  Terms 
.  Guideline  for  Vendors 
.  Office  Automation  Guideline 
.  Password  Management 
.  Product  Evaluation  Questionnaire 
.  Rating  Maintenance  Plan  (RAMP) 

.  TCSEC-85  (orange  book) 

.  TCSEC-83  (orange  book) 

.  Trusted  Facility  Management 
.  Trusted  Network  Interpretation  (TNI) 
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DOCKMASTER  Resource  Guide,  Continued 


The  following  forums  are  publicly  available.  To  access  any  of  these  forums,  enter  the  forum 
subsystem  by  typing  “forum”.  At  the  forum  prompt,  type  the  command  “go”  followed  by  either  the 
long  forum  name  or  the  short  forum  name.  The  first  entry  in  the  forum  usually  describes  the  nature 
of  the  forum  and  what  information  one  may  expect  to  find  there.  To  get  more  information  on  how  to 
read  the  forum  entries,  refer  to  the  New  User’s  Guide  to  Multics  sent  with  your  account,  send  mail  to 
“sysadmin”,  or  call  the  DOCKMASTER  office.  There  are  several  other  non-compusec  related 
forum  meetings  that  the  DOCKMASTER  user  may  be  interested  in.  To  get  a  list  of  these  meetings, 
type  “list_meetings”  or  “ism”  at  the  forum  prompt. 

Eong  EORUM  Name  Short  EORUM  Name 


CERT-TOOES 

Compusec_Papers_Database 

Computer_Security_Day 

Conferences 

Criteria 

DDN-News 

ETHICS-E 

IEEE_Cipher 

Eegislativejssues 

NB  S_Conference 

Nuance_Discussion 

RISKS 

Security  _Discussion 

Site_Security_Policy 

Tech_Guidelines_Info_Porum 

Training_courses 

VIRUS-E 

WG- Security 

announce 

cert/accreditation 

epl 

privacy_enhanced_mail 

privacy-digest 

privacy-issues 


cert-tools 

cp 

day 

conf 

criteria 

ddn-news 

ethics 

cipher 

li 

nbs 

nuance 

risks 

sd 

site- sec 

tgif 

tc 

virus 

wgs 

(no  short  name) 
certify 

(no  short  name) 

pern 

pd 

privacy 


There  is  a  menu  driven  program  on  DOCKMASTER  that  has  information  from  the  Products  and 
Services  catalog.  To  access  that  information  just  type  “openair”  and  follow  the  directions  on  the 
screen.  To  create  the  menu,  however,  the  user  must  have  the  PC  or  workstation  terminal  emulation 
software  set  to  one  that  Multics  supports  for  menu  creation.  The  most  popular  ones  are  heath- 19, 
vtlOO,  vtl02,  and  pcxt.  A  complete  list  can  see  viewed  by  typing  “print 

>doc>iml_info>video_supported_list”.  The  openair  program  will  ask  for  this  information  if  it  is 
required  to  draw  the  menu. 
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Mail  Example 


This  example  begins  from  the  Unix  command  prompt  >.  User  entries  are  shown  in  bold  italics.  The 
entries  are  from  two  accounts:  richard  andfeingold,  indicated  by  the  square  bracketed  remarks. 

[As  richard] 

>  mail  feingold 

Subject:  workshop  demonstration 

Well,  do  you  think  this  will  work?  Remember  to  type  control-d  at  the  end.  Okay? 

<control-d> 

EOT 

[As  feingold] 

>  mail 

Mail  version  SMI  4.0  Wed  Feb  7  23:10:16  PST  1990  Type  ?  for  help. 

“/usr/spool/mail/feingold”:  3  messages  2  new  3  unread 

U  1  krvw@cert.org  Mon  Nov  16  14:35  936/38857  VIRUS-L  Digest  V5  #180 
>N  2  richard  Mon  Nov  16  15:11  12/301  Re:  test 
N  3  richard  Mon  Nov  16  15:19  14/358  workshop  demonstration 
&3 

Message  3: 

From  richard  Mon  Nov  16  15:19:21  1992 
Return-Path:  <richard> 

Received:  by  (4.1/SMI-4.1) 

id  AA00471;  Mon,  16  Nov  92  15:19:20  PST 
Date:  Mon,  16  Nov  92  15:19:20  PST 
From:  richard  (RAF) 

Message-Id:  <921 1 1623I9.AA0047I  @> 

To:  feingold 

Subject:  workshop  demonstration 
Status:  R 

Well,  do  you  think  this  will  work?  Remember  to  type  control-d  at  the  end.  Okay? 

&  r 

To:  richard 

Subject:  Re:  workshop  demonstration 

Why  did  you  send  me  this? 

<control-d> 

EOT 

&h 

U  1  krvw@cert.org  Mon  Nov  16  14:35  936/38857  VIRUS-F  Digest  V5  #180 
N  2  richard  Mon  Nov  16  15:11  12/301  Re:  test 

>  3  richard  Mon  Nov  16  15:19  14/358  workshop  demonstration 

&  s  workshop _msg 

“workshop_msg”  [New  file]  14/368 

&  q 

> 
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eff  Anonymous  ftp  Example 


This  example  begins  from  the  Unix  command  prompt  >.  User  entries  are  shown  in  bold  italics. 

>  ftp  ftp.eff.org 
Connected  to  kragar.eff.org. 

220  kragar.eff.org  FTP  server  (Version  6.9  Tue  Jul  7  15:53:04  EDT  1992)  ready. 

Name  (ftp.eff.org:feingold):  anonymous 

331  Guest  login  ok,  send  E-mail  address  as  password. 

Password:  feingold@local.sub.gov 

230-If  your  ftp  client  chokes  on  this  message,  log  in  with  a  as  the 
230-first  character  of  your  password  to  disable  it. 

230- 

230-If  you  have  problems  with  or  questions  about  this  service,  send  mail  to 
230-ftphelp@eff.org;  weTl  try  to  fix  the  problem  or  answer  the  question. 

230- 

230-Electronic  Erontier  Eoundation  newsletters  and  other  information  are  in 
230-pub/EEE  and  subdirectories  thereof.  If  you’re  interested  in  official 
230-EEE  positions  and  philosophies,  look  here. 

230- 

230-Eor  general  information  on  the  EEE,  get  pub/EEE/about-eff. 

230- 

230-Please  read  the  file  README 

230-  it  was  last  modified  on  Sat  May  2  18:10:09  1992  -  193  days  ago 
230  Guest  login  ok,  access  restrictions  apply. 
ftp>  Is 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  file  list. 

etc 

pub 

bin 

users 

1S-1R.Z 

.notar 

README 

226  Transfer  complete. 

47  bytes  received  in  0.011  seconds  (4.3  Kbytes/s) 

ftp>  get  README 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  README  (279  bytes). 

226  Transfer  complete. 

local:  README  remote:  README 

285  bytes  received  in  0.0027  seconds  (le-i-02  Kbytes/s) 

ftp>  cd  pub 

250  CWD  command  successful. 
ftp>  cd  CUD 

250  CWD  command  successful. 
ftp>  Is 

200  PORT  command  successful. 
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150  Opening  ASCII  mode  data  eonneetion  for  file  list. 

Added 

Index 

.notar 

edugd 

aleor 

ane 

ati 

bootlegger 

eee 

ehalisti 

ede 

epi 

end 

dfp 

fbi 

inform 

law 

lod 

mise 

nare 

networks 

nfx 

nia 

nsa 

papers 

phantasy 

phraek 

phun 

pirate 

PPP 

sehools 

synd 

tap 

upi 

wview 

aotd 

Index.- l~ 

Added.~l~ 

Added.~2~ 

Index. -2- 

226  Transfer  eomplete. 

280  bytes  reeeived  in  0.037  seeonds  (7.4  Kbytes/s) 

ftp>  cd  bootlegger 

250  CWD  eommand  sueeessful. 

ftp>  Is 

200  PORT  eommand  sueeessful. 

150  Opening  ASCII  mode  data  eonneetion  for  file  list. 

bootlegger- 6 

bootlegger-7 

226  Transfer  eomplete. 

28  bytes  reeeived  in  0.0032  seeonds  (8.6  Kbytes/s) 
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ftp>  get  bootlegger-7 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  bootlegger-7  (101274  bytes). 

226  Transfer  complete. 

local:  bootlegger-7  remote:  bootlegger-7 

103885  bytes  received  in  56  seconds  (1.8  Kbytes/s) 

ftp>  quit 

221  Goodbye. 
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This  example  begins  from  the  Unix  command  prompt  stc06>.  User  entries  are  shown  in  bold  italics. 
stc06>  rn 

Unread  news  in  ornl.education. general  111  articles 

Unread  news  in  ornl.mail.decstation-managers  21  articles 
Unread  news  in  ornl.mail.framers  141  articles 

Unread  news  in  ornl.mail.info-afs  57  articles 

Unread  news  in  ornl.mail.report-card  15  articles 

********  111  unread  articles  in  ornl.education.general— read  now?  [ynq]n 

********  15  unread  articles  in  ornl. .  .read  now?  [ynq]  g  alt.bbs.lists 
********  152  unread  articles  in  alt.bbs.lists— read  now?  [ynqjy 
Article  402  (151  more)  in  alt.bbs.lists: 

From:  delivery@ixgch.imp.com  (Ixgate  Delivery) 

Newsgroups:  eh. general, chcon.general,de.etc.lists,alt.bbs. lists, alt.bbs,comp.bbs 
.misc,xgp. general 

Subject:  BBS-List  of  Switzerland  (October  1992) 

Date:  14  Oct  92  01:06:20  GMT 
Followup-To:  eh. general 
Distribution:  world 
Lines:  976 


The  BBS-List  Service  of  XGP  Switzerland 

distributing  the  Swiss  BBS-List  on  the  Internet! 

(See  end  of  document  for  more  details  on  this  service.) 

###BOT  ####################################################################### 


BYTE  RIDER’S  DREAM  BBS  EIST  OE  SWITZEREAND  **************  OCTOBER  1992 
USRobotix  Oder  nix! 

Computers  by  AMIGA,  Modems  by  USRobotics,  support  by  MTV 


-MORE-(2%)g 

********  2  unread  articles  in  alt.bbs. lists. d— read  now?  [ynq]  g  comp.risks 
********  8  unread  articles  in  comp.risks— read  now?  [ynqjy 
Article  142  (7  more)  in  comp.risks  (moderated): 

Erom:  risks  ©CSE.SRI.COM  (RISKS  Eorum) 

Subject:  RISKS  DIGEST  13.86 
Date:  24  Oct  92  20:39:50  GMT 
Distribution:  world 
Organization:  The  Internet 
Eines:  602 

RISKS-EIST:  RISKS-EORUM  Digest  Saturday  24  October  1992  Volume  13  :  Issue  86 
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FORUM  ON  RISKS  TO  THE  PUBLIC  IN  COMPUTERS  AND  RELATED  SYSTEMS 
ACM  Committee  on  Computers  and  Publie  Poliey,  Peter  G.  Neumann,  moderator 

Contents: 

Software  Bombs  Out  —  Ark  Royal  revisited  (Simon  Marshall) 

Erased  Disk  used  against  Brazilian  President  (Geraldo  Xexeo) 

The  NSE  Net  eable-eut  story  (Steve  Martin  via  Alan  Wexelblat) 

Risks  in  Banking,  Translation,  ete.  (Paul  M.  Wexelblat) 

Re:  15th  National  Computer  Seeurity  Conferenee  (Dorothy  Denning) 

Re:  Vote  Early,  Vote  Often  (Louis  B.  Moore) 

T*p  S*er*t  (Berry  Kereheval) 

Book  Review:  The  Haeker  Craekdown  (David  Barker-Plummer) 

Tilling  station  POS  terminals:  eredit  eard  users  beware!  (Steve  Summit) 

Int  Workshop  on  Eault  and  Error  Models  of  Eailures  in  Comp  Sys  (Ram  Chillarege) 
-MORE-(4%) 

End  of  artiele  142  (of  149)— what  next?  [npq]  s 

Eile  /usr/ul/fgq/News/Comp.risks  doesn’t  exist— 
use  mailbox  format?  [ynqjy 
Saved  to  mailbox  /usr/ul/fgq/News/Comp.risks 
End  of  artiele  142  (of  149)— what  next?  [npq]^ 

********  194  unread  artieles  in  eomp.roboties— read  now?  [ynq]^ 
ste06> 
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NIST  Dial  Up  Electronic  Bulletin  Board  System  Example 


In  this  example,  access  is  via  a  Hayes  compatable  modem.  User  entries  are  shown  in  bold  italics. 
Note  that  the  NIST  electronic  bulletin  board  system  can  also  be  accessed  via  ftp. 

atdt  3019485717 

RRING 

CONNECT  2400 

Welcome  to  NIST  CSRC  BBS  -  Node  2  (Reliable) 

For  faster  login,  enter  FIRSTNAME  LASTNAME  PASSWORD 
What  is  your  FIRST  name? 

What  is  your  LAST  name?  Richard  Feingold 

Checking  Users... 

User  not  found 

Are  you  'RICHARD  FEINCOLD'  ([Y],N)?  y 
What  is  your  CITY  and  STATE?  Livermore,  CA 

Welcome  to  the  National  Institute  of  Standards  and  Technology  - 
[...disclaimer/responsibility  information  deleted...] 
by  the  National  Institute  of  Standards  and  Technology. 

■k  -k  -k  -k  -k 

RICHARD  FEINCOLD  from  LIVERMORE,  CA 

Ohange  FIRST  name/LAST  name/CITY  and  STATE,  D)isconnect,  [R]egister?  r 
Enter  PASSWORD  you'll  use  to  logon  again  (dots  echo)?  mypassword 
Re-Enter  password  for  Verification  (dots  echo) ?  mypassword 
Please  REMEMBER  your  password 

Welcome  to  RBBS-PC,  Richard.  Your  security  level  5  indicates  that  you  have 
sufficient  security  to  access  this  BBS.  You  have  60  (mins: secs)  for 
this  session. 

Logging  RICHARD  FEINCOLD 

RBBS-PC  17. 3C  Node  2,  operating  at  2400  BAUD-R,N,8,1 
Telling  sysop  you're  on... 

Welcome  to  the  NIST  Computer  Security  Bulletin  Board 

This  Bulletin  Board  is  maintained  by  the  Computer  Systems  Laboratory 
and  is  intended  to  encourage  the  sharing  of  information  that  will  help 
users  and  managers  beter  protect  their  data  and  sytems.  The  mention 
of  vendors  or  product  names  does  not  imply  criticism  or  endorsement  by 
the  National  Institute  of  Standards  and  Technology  or  by  the  SYSOP. 

Sysop:  Marianne  Swanson 
Technical  Questions:  John  Wack 
Voice:  (301)  975-3359 
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NIST  Dial  Up  Electronic  Bulletin  Board  System  Example, 

Continued 


301-948-5717  — > 
— > 

301-948-5140  — > 
— > 


300/1200/2400 

300/1200/2400 

1200/2400/9600 

1200/2400/9600 


Node  1 
Node  2 
Node  3 
Node  4 


Internet:  telnet  to  cs-bbs.ncsl.nist.gov  (129.6.54.30) 

download  files  available  via  anonymous  ftp 
from  csrc.ncsl.nist.gov  (129.6.54.11) 

*  Note:  by  continuing,  you  explicitly  acknowledge  that  all  messages,* 

*  private  and  public,  may  be  read  by  others,  including  the  sysop (s) .* 


*  Ctrl-K(^K)  /  aborts.  suspends  "'Q  resumes  * 

************************  NEWS  *********************************** 
February  18,  1993 

The  draft  Federal  Criteria  is  now  available  in  ascii.  Bulletin  39 
describes  the  document  and  lists  all  of  the  available  formats  for 
More  [  Y]  es ,  N)  o,  C)  ont ,  A)  bort ,  J)  ump?  y 

dowloading . 

NIST  Special  Publication  800-5  and  800-6  are  also  now  available  in 
ascii.  Several  new  alerts  have  been  posted  as  well  as  a  proposed 
guideline  on  sentencing  criminals. 

We  have  been  having  periodic  problems  with  our  Internet  connection. 
Efforts  are  being  made  to  correct  the  situation. 


At  least  0  NEW  file(s)  since  last  on 


*  Ctrl-K(^K)  /  aborts.  ^S  suspends  "'Q  resumes  * 

BULLETIN  TOPICS  MENU 


1  Using  the  BBS  -  READ  THIS! 

2  Computer  Security  Alerts 

3  NIST  Publications 

4  Upcoming  Events  &  Activities 

5  Of  General  Interest 

6  Resources 

7  Computer  Security  Organizations 

8  Virus-L  and  Risks  Forum 


NOTE:  Viewing  Bulletins  is  NOT 
straightforward  I  The  BBS  makes 
you  view  all  bulletins  from  this 
menu  only.  For  example,  after 
displaying  sub-menu  1  you  want  to 
view  Bulletin  16,  return  to  this 
menu  and  then  enter  '16'  at  the 
prompt  at  the  bottom  of  this  menu. 

TO  DOWNLOAD  BULLETINS,  first  note 
the  bulletin  numbers.  Quit  this  menu 
go  to  the  Main  Menu  &  type  'F'  to  go 
to  the  File  Menu.  Then  type  'D'  to 
download.  To  download  Bulletin  24, 
ex.,  use  filename  'BULLET24' 


Read  what  bulletin (s),  L)ist,  S)ince,  N) ews  ([ENTER]  =  none)?  2 
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NIST  Dial  Up  Electronic  Bulletin  Board  System  Example, 

Continued 

*  Ctrl-K(^K)  /  aborts.  suspends  resumes  * 

Computer  Security  Alerts  (2) 

The  Alerts  are  placed  in  chronological  order  according  to  the  date  — 
most  recent  at  the  top  of  the  list.  There  are  nine  bulletins  listed 
at  any  given  time.  The  old  bulletins  are  located  in  the  file  section 
under  the  "Alerts"  Directory.  The  old  bulletins  can  only  be  viewed  by 
downloading  them. 

Date  Topic  Bulletin  # 


02-18-93  Revised  Commodore  Amiga  UNIX  finger  29 

Vulnerability 
CERT  Advisory 

02-17-93  Failure  to  disable  user  accounts  for  21 

VMS  5.3  to  5.5-2 
CIAC  Information  Bulletin 
More  [  Y]  es ,  N)  o,  C)  ont ,  A)  bort ,  J)  ump?  n 

[...Menu  repaint  omitted...] 

Read  what  bulletin (s),  L)ist,  S)ince,  N) ews  ([ENTER]  =  none)?  1 

*  Ctrl-K(^K)  /  ^X  aborts.  ^S  suspends  resumes  * 

Using  the  BBS  (1) 

The  following  bulletins  contain  information  on  how  to  use  this  bbs . 
It  is  advisable  to  read  these  bulletins  first  before  attempting  to 
use  the  board.  The  instructions  for  downloading  bulletins  and  files 
offers  a  step  by  step  approach  that  should  prove  very  useful. 


Bullet  # 

Last  Updated 

Topic 

11 

09-28-89 

General  Information 

12 

03-25-92 

Accessing  the  BBS 

13 

11-21-91 

About  Bulletins 

14 

11-21-91 

About  Files 

15 

09-28-89 

Messages  to  the  "Sysop" 

16 

03-25-92 

Download  and  FTP  Bulletins  and 

17 

03-27-90 

Upload  Policy 

18 

02-06-92 

Obtaining  this  BBS  software 

**NOTE:  An  extensive  User's  Guide  is  available  by  either  contacting 

Clare  Lucey  at  301-975-3359  or  by  downloading  the  file  "BBSGUIDE.TXT" 
from  this  BBS. 

*  Ctrl-K("'K)  /  "'X  aborts.  "'S  suspends  resumes  * 
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NIST  Dial  Up  Electronic  Bulletin  Board  System  Example, 

Continued 


[...Menu  repaint  omitted...] 

Read  what  bulletin (s),  L)ist,  S)ince,  N) ews  ([ENTER]  =  none)?<cr> 
Checking  messages  in  MAIN.... 

Sorry,  RICHARD,  No  mail  for  you 

RBBS-PC  17. 3C  Node  2 


Caller  #  63477  #  active  msgs:  719  Next  msg  #  2899 


-  MAIL  - 

[E]nter  Messages 
[K] ill  Messages 
[P]ersonal  Mail 

[R] ead  Messages 

[S] can  Messages 

[T] opic  of  Msgs 


[A] nswer  Questions 

[B]  ulletins 

[C] omment  to  Sysop 
[I]nitial  Welcome 

[W] ho ' s  on 


<<<* - 

?) 

[X]pert  on/off 
*  =  unavailable 


*»>  RBBS-PC  MAIN  MENU 

—  SYSTEM  -  UTILITIES 

[H]elp  (or 


ELSEWHERE  - 

[F]  lies 

[G]  oodbye 
[Q] uit 

[U] tilities 


Current  time:  11:19  AM  Minutes  remaining:  55  Security:  5 


MAIN:  55  min  left 

MAIN  command  <?  ,  A,  B,  C,  E,  F,  G,  H,  I ,  K,  P ,  Q,  R,  S ,  T,  U,  V,  W,  X>?  g 
Log  off  (Y, [N] ) ?  y 

Now:  03-02-1993  at  11:20:54 
On  for  5  mins,  54  secs 
60  min  left  for  next  call  today 
RICHARD,  Thanks  and  please  call  again! 


A-48 


Electronic  Resources  for  Security  Related  Information  CIAC-2307 


12/94 


CIAC  Anonymous  ftp  Example 


This  example  begins  from  the  Unix  command  prompt  >.  User  entries  are  shown  in  bold  italics.  Note 
that  the  name  CIAC  will  be  changing  to  ciac. 

>  ftp  CIAC 

Connected  to  CIAC.llnl.gov. 

220  CIAC.llnl.gov  FTP  server  (Version  6.22  Wed  Jan  27  09:36:28  PST  1993)  ready. 

Name  (CIAC:feingold):  anonymous 

331  Send  e-mail  address,  name,  organization,  and  phone  number  as  password. 

Password:  feingold@sub.domain.gov,  Richard  F eingold,  CIAC,  510.555. 1212 
230-  This  is  the  CIAC  archive,  provided  and  maintained  by 
230-  the  Computer  Security  Group,  Lawrence  Livermore  National 
230-  Laboratory. 

230- 

230-  All  activity  is  logged  with  your  host  name  and  e-mail  address. 

230- 

230-  If  your  FTP  client  crashes  or  hangs  shortly  after  login,  try 
230-  using  a  dash  (-)  as  the  first  character  of  your  password. 

230- 

230-  Send  comments/questions/problems  to:  ciac@llnl.gov 

230- 

230- 

230  Guest  login  ok,  access  restrictions  apply. 
ftp>  Is 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  file  list. 

lost-i-found 

etc 

bin 

pub 

usr 

dev 

.login_message 
0-index,  txt 
incoming 

226  Transfer  complete. 

76  bytes  received  in  0.016  seconds  (4.8  Kbytes/s) 
ftp>  cd  pub 

250  CWD  command  successful. 
ftp>  Is 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  file  list. 

spi 

ciac 

felix 

tmp 

util 

sun 

patches 
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CIAC  Anonymous  ftp  Example,  continued 


226  Transfer  complete. 

43  bytes  received  in  0.011  seconds  (3.9  Kbytes/s) 
ftp>  cd  ciac 

250  CWD  command  successful. 
ftp>  Is 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  file  list. 

virus -1 

news.txt 

docs 

.private 

pcvirus 

pcutils 

macvirus 

macutils 

atarivir 

reviews 

books 

ciacdoc 

certdoc 

ddndoc 

nasaspan 

nistdoc 

ihg 

226  Transfer  complete. 

149  bytes  received  in  0.023  seconds  (6.2  Kbytes/s) 
ftp>  pwd 

257  “/pub/ciac”  is  current  directory. 
ftp>  cd  ciacdoc 

250  CWD  command  successful. 
ftp>  Is 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  file  list. 
fy89 

a-fy90 

b-fy91 

c-fy92 

d-fy93 

xref.txt 

226  Transfer  complete. 

48  bytes  received  in  0.0097  seconds  (4.8  Kbytes/s) 
ftp>  cd  d-fy93 

250  CWD  command  successful. 
ftp>  Is 

200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  file  list. 

d-01  .ciac-novel-access-rights 

d-02 .  ciac-  ( *limited-distribution* ) 

d-03.ciac-vms-MONITOR-patch 

d-04.ciac-sunos- 1 8-patches 

0-index,  txt 
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CIAC  Anonymous  ftp  Example,  continued 


intro. txt-introduction-to-CIAC 
ciacreqs.txt-ciac_doe_requirements 
d-05.ciac-hp-NIS-ypbind 
226  Transfer  complete. 

230  bytes  received  in  0.016  seconds  (14  Kbytes/s) 
ftp>  get  d-03.ciac-vms-MONITOR-patch 
200  PORT  command  successful. 

150  Opening  ASCII  mode  data  connection  for  d-03.ciac-vms-MONITOR-patch  (7249  bytfes). 
226  Transfer  complete. 

local:  d-03.ciac-vms-MONITOR-patch  remote:  d-03.ciac-vms-MONITOR-patch 
7382  bytes  received  in  0.12  seconds  (61  Kbytes/s) 
ftp>  bye 
221  Goodbye. 

> 
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CIAC  Electronic  Bulletin  Board  System  Example 


In  this  example,  access  is  via  a  Hayes  compatable  modem.  User  entries  are  shown  in  bold  italics. 
Note  that  the  electronic  bulletin  board  system  can  also  be  accessed  via  ftp. 

atdt  5104234753 

RRING 

CONNECT  2400 


WARNING:  Unauthorized  access  to  this 

computer  system  is  prohibited.  Violators 
are  subject  to  criminal  and  civil  penalties. 

WELCOME  TO  FELICIA 

This  BBS  is  run  by  the  Computer  Incident  Advisory  Capability  (CIAC) . 

All  users  must  register  and  truthfully  answer  the  newuser  questionnaire. 

First  Name?  Richard 
Last  Name?  Feingold 
Searching  User  File  ... 

Calling  from  (City, State) ?  Livermore,  CA 

TBBS  Welcomes  RICH  FEINGOLD 
Calling  From  LIVERMORE,  CA 
Is  this  correct?  y 

#  Chars  per  line  on  screen (10-132) ?  80 

<A>VIDTEX  <B>TRS-80  1/3  <C>VT-52  <D>ATARI  <E>H1 9 /H8 9 / Z 1 9 

<F>IBM  PC  <G>Televid  925  <H>VT-100  <I>Mac  Versater  <J>Dum  TTY 

Enter  letter  of  your  terminal,  <CR>  if  not  listed:  h 

Terminal  Profile  Set  to: 

No  ANSI  codes  Allowed 
No  IBM  Graphics  Allowed 

Upper/Lower  Case 
Line  Feeds  Needed 
0  Nulls  after  each  <CR> 

Do  you  wish  to  modify  this?  N 

Do  you  wish  to  have  a  pause  after  each  display  page  (Y/N) ?  N 

Please  Enter  a  1-8  character  Password  to  be  used  for  future  logons.  This 
password  may  have  any  printable  characters  you  wish.  Lower  case  is  considered 
different  from  upper  case  and  imbedded  blanks  are  legal.  REMEMBER  THIS 
PASSWORD.  You  will  need  it  to  log  on  again. 

Your  password?  mypswd 

You  have  read  through  message  0 

Current  last  message  is  191 

You  are  caller  number  1726 

You  are  authorized  60  mins  this  call 
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CIAC  Electronic  Bulletin  Board  System  Example,  continued 


Policies  of  Felix 

[...Policy  and  disclaimer  omitted...] 

I  The  Computer  Incident  Advisory  Capability  Bulletin  Board  | 

I  Voice:Com/FTS  (510)422-8193  I 

I  Data:Com/FTS  (510)423-4753  2400  baud  I 

I  Com/FTS  (510)423-3331  9600  baud  I 

I  Your  friendly  Sysops  are  Bill  and  Karyn  | 

+ - + 

This  board  is  run  by  CIAC  for  the  Department  of  Energy. 

[...Informational  messages  omitted...] 

New  User  Registration  Section 

Do  you  work  for  a  DOE  site? 

<Y>es 

<N>o 

<S>kip  registration. 

Command:  y 

Registration  for  DOE  sites. 

Enter  your  full  name :  JJichard  Feingold 

Organization : LLNL 

Address  Line  l:L—303 

Address  line  2:P.O.  Box  808 

City,  State,  ZIP : Livermore,  CA  94551 

Commercial  Telephone  Number : 510 . 422 . 1 783 

FTS  Telephone  Number : 510 . 422 . 1  783 

Responsible  DOE  field  office  (SAN,  ID,  etc.) : SAN 

Richard  Feingold 

LLNL 

L-303 

P.O.  Box  808 
Livermore,  CA  94551 
510 . 422 . 1783 
510 . 422 . 1783 
SAN 

Is  this  correct  (Y/N) ?y 

FELICIA  BBS  -  Main  Menu 

Computer  Incident  Advisory  Capability 


<*>  Information  on  TBBS 

<N>ew  Files  On  Felicia 

<B>ulletins  and  System  Notices 

<F>ile  Transfer  Section 

<M>ail  and  dialog  with  Felix  users 

<V>irus  Database 

<R>ecent  callers 

<T>ime  on  the  system 

<U>tilities  Section 

<G>oodbye 
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CIAC  Electronic  Bulletin  Board  System  Example,  continued 


Command:  f 

FELICIA  BBS  -  File  Transfer  Section 
Computer  Incident  Advisory  Capability 


<D>ownload  Area 
<U>pload  Area 
<->Previous  Menu 
<T>ime  on  the  system 
<G>oodbye 

Command:  d 

FELICIA  BBS  -  File  Download  Section 
Computer  Incident  Advisory  Capability 


Select  A  Download  Area  From  The  Following  List 


<M>acintosh  Files 
Macintos<h>  Utility  Programs 
<P>C  Files 

PC  <U>tility  Programs 
<A>tari  files 

<L>  Incident  Handling  Guidelines 
<C>IAC  Documents 
C<E>RT  Documents 
<N>IST  Documents 
<D>DN  Documents 
NA<S>A-SPAN  documents 
<V>irus-L  Moderated  News 
<R>eviews  of  anti-virus  software 
<0>ther  useful  stuff. 

<->Previous  menu 
<T>ime  on  the  system 
<G>oodbye 


Command:  o 


Type  P  to  Pause,  S  to 

Stop  list 

This  directs 

ry  conta 

ETC  Di: 

ins  useful 

categories . 

Notices 

and  Guides 

BIBLIO.TXT 

3463 

2-05-92 

GRADSCH.TXT 

3537 

12-09-91 

CIACDB.ZIP 

110025 

3-25-91 

DES. TXT 

22455 

1-30-90 

FATHER_X . TXT 

41966 

1-11-90 

GUIDANCE.TXT 

13568 

12-17-84 

FTPSITES.TXT 

35737 

1-11-90 

Bibliography  of  virus  books. 

Grad  schools  with  Comp  Security  Progs. 
CIAC  virus  database  (big) 

General  information  on  DES  encryption 
A  full  report  on  the  Father  Xmas  worm 
General  guidance  on  computer  security 
Common  FTP  sites  on  the  Internet 


<D>ownload,  <P>rotocol,  <E>xamine,  <N>ew,  <H>elp,  or  <L>ist 
Selection  or  <CR>  to  exit : <cr> 
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CIAC  Electronic  Bulletin  Board  System  Example,  continued 


FELICIA  BBS  -  File  Download  Section 
Computer  Incident  Advisory  Capability 


Select  A  Download  Area  From  The  Following  List 

<M>acintosh  Files 
Macintos<h>  Utility  Programs 
<P>C  Files 

PC  <U>tility  Programs 
<A>tari  files 

<L>  Incident  Handling  Guidelines 
<C>IAC  Documents 
C<E>RT  Documents 
<N>IST  Documents 
<D>DN  Documents 
NA<S>A-SPAN  documents 
<V>irus-L  Moderated  News 
<R>eviews  of  anti-virus  software 
<0>ther  useful  stuff. 

<->Previous  menu 
<T>ime  on  the  system 
<G>oodbye 

Command:  gr 

FELICIA  BBS  -  Termination  Section 
Computer  Incident  Advisory  Capability 


Do  you  want  to  leave  a  message  for  the 
SYSOP? 

<Y>es 

<N>o 

<->Return  to  previous  menu 
Command:  n 

Logged  on  at  13:17:45 
Logged  off  at  13:20:38 

Thanks  for  calling  FELICIA 
Please  Hang  Up  Now 
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Appendix  B:  Contacting  CIAC 


Contacting  CIAC 


Phone 

(510)  422-8193 

Fax 

(510)  423-8002 

STU-III 

(510)  423-2604 

Eiectronic 

maii 

ciac@llnl.gov 

Emergency 

SKYPAGE 

800-SKYPAGE  pin#  855-0070 

Anonymous 
FTP  server 

ciac.llnl.gov  (IP  128.115.19.53) 

BBS 

(510)  423-3331  (9600  Baud) 
(510)  423-4753  (2400  Baud) 
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Reader  Comments 


CIAC  updates  and  enhances  the  documentation  it  produces.  If  you  find  errors  in  or  have 
suggestions  to  improve  this  document,  please  fill  out  this  form.  Mail  it  to  CIAC,  Lawrence 
Livermore  National  Laboratory,  P.O.  Box  808,  Mail  Stop  L-303,  Livermore,  CA,  94551- 
9900.  Thank  you. 

List  errors  you  find  here.  Please  include  page  numbers. 
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